Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/rspamd-2.5/clang-plugin/plugin.cc Examining data/rspamd-2.5/clang-plugin/printf_check.cc Examining data/rspamd-2.5/clang-plugin/printf_check.h Examining data/rspamd-2.5/contrib/aho-corasick/_acism.h Examining data/rspamd-2.5/contrib/aho-corasick/acism.c Examining data/rspamd-2.5/contrib/aho-corasick/acism.h Examining data/rspamd-2.5/contrib/aho-corasick/acism_create.c Examining data/rspamd-2.5/contrib/cdb/cdb.h Examining data/rspamd-2.5/contrib/cdb/cdb_find.c Examining data/rspamd-2.5/contrib/cdb/cdb_init.c Examining data/rspamd-2.5/contrib/cdb/cdb_make.c Examining data/rspamd-2.5/contrib/exim/dlfunc-json/rspamd.c Examining data/rspamd-2.5/contrib/exim/local_scan.c Examining data/rspamd-2.5/contrib/fastutf8/avx2.c Examining data/rspamd-2.5/contrib/fastutf8/fastutf8.c Examining data/rspamd-2.5/contrib/fastutf8/fastutf8.h Examining data/rspamd-2.5/contrib/fastutf8/sse41.c Examining data/rspamd-2.5/contrib/fpconv/fpconv.c Examining data/rspamd-2.5/contrib/fpconv/fpconv.h Examining data/rspamd-2.5/contrib/fpconv/powers.h Examining data/rspamd-2.5/contrib/hiredis/adapters/libev.h Examining data/rspamd-2.5/contrib/hiredis/adapters/libevent.h Examining data/rspamd-2.5/contrib/hiredis/async.c Examining data/rspamd-2.5/contrib/hiredis/async.h Examining data/rspamd-2.5/contrib/hiredis/dict.c Examining data/rspamd-2.5/contrib/hiredis/dict.h Examining data/rspamd-2.5/contrib/hiredis/fmacros.h Examining data/rspamd-2.5/contrib/hiredis/hiredis.c Examining data/rspamd-2.5/contrib/hiredis/hiredis.h Examining data/rspamd-2.5/contrib/hiredis/net.c Examining data/rspamd-2.5/contrib/hiredis/net.h Examining data/rspamd-2.5/contrib/hiredis/read.c Examining data/rspamd-2.5/contrib/hiredis/read.h Examining data/rspamd-2.5/contrib/hiredis/sds.c Examining data/rspamd-2.5/contrib/hiredis/sds.h Examining data/rspamd-2.5/contrib/http-parser/http_parser.c Examining data/rspamd-2.5/contrib/http-parser/http_parser.h Examining data/rspamd-2.5/contrib/kann/kann.c Examining data/rspamd-2.5/contrib/kann/kann.h Examining data/rspamd-2.5/contrib/kann/kautodiff.c Examining data/rspamd-2.5/contrib/kann/kautodiff.h Examining data/rspamd-2.5/contrib/lc-btrie/btrie.c Examining data/rspamd-2.5/contrib/lc-btrie/btrie.h Examining data/rspamd-2.5/contrib/libev/ev++.h Examining data/rspamd-2.5/contrib/libev/ev.c Examining data/rspamd-2.5/contrib/libev/ev.h Examining data/rspamd-2.5/contrib/libev/ev_epoll.c Examining data/rspamd-2.5/contrib/libev/ev_iouring.c Examining data/rspamd-2.5/contrib/libev/ev_kqueue.c Examining data/rspamd-2.5/contrib/libev/ev_linuxaio.c Examining data/rspamd-2.5/contrib/libev/ev_poll.c Examining data/rspamd-2.5/contrib/libev/ev_port.c Examining data/rspamd-2.5/contrib/libev/ev_select.c Examining data/rspamd-2.5/contrib/libev/ev_vars.h Examining data/rspamd-2.5/contrib/libev/ev_win32.c Examining data/rspamd-2.5/contrib/libev/ev_wrap.h Examining data/rspamd-2.5/contrib/libottery/aes_cryptobox.c Examining data/rspamd-2.5/contrib/libottery/chacha_cryptobox.c Examining data/rspamd-2.5/contrib/libottery/chacha_merged.c Examining data/rspamd-2.5/contrib/libottery/chacha_merged_ecrypt.h Examining data/rspamd-2.5/contrib/libottery/ottery-internal.h Examining data/rspamd-2.5/contrib/libottery/ottery-threading.h Examining data/rspamd-2.5/contrib/libottery/ottery.c Examining data/rspamd-2.5/contrib/libottery/ottery.h Examining data/rspamd-2.5/contrib/libottery/ottery_common.h Examining data/rspamd-2.5/contrib/libottery/ottery_cpuinfo.c Examining data/rspamd-2.5/contrib/libottery/ottery_entropy.c Examining data/rspamd-2.5/contrib/libottery/ottery_entropy_cryptgenrandom.c Examining data/rspamd-2.5/contrib/libottery/ottery_entropy_egd.c Examining data/rspamd-2.5/contrib/libottery/ottery_entropy_rdrand.c Examining data/rspamd-2.5/contrib/libottery/ottery_entropy_urandom.c Examining data/rspamd-2.5/contrib/libottery/ottery_global.c Examining data/rspamd-2.5/contrib/libottery/ottery_nolock.h Examining data/rspamd-2.5/contrib/libottery/ottery_st.h Examining data/rspamd-2.5/contrib/librdns/compression.c Examining data/rspamd-2.5/contrib/librdns/compression.h Examining data/rspamd-2.5/contrib/librdns/curve.c Examining data/rspamd-2.5/contrib/librdns/dns_private.h Examining data/rspamd-2.5/contrib/librdns/logger.c Examining data/rspamd-2.5/contrib/librdns/logger.h Examining data/rspamd-2.5/contrib/librdns/packet.c Examining data/rspamd-2.5/contrib/librdns/packet.h Examining data/rspamd-2.5/contrib/librdns/parse.c Examining data/rspamd-2.5/contrib/librdns/parse.h Examining data/rspamd-2.5/contrib/librdns/punycode.c Examining data/rspamd-2.5/contrib/librdns/punycode.h Examining data/rspamd-2.5/contrib/librdns/rdns.h Examining data/rspamd-2.5/contrib/librdns/rdns_curve.h Examining data/rspamd-2.5/contrib/librdns/rdns_ev.h Examining data/rspamd-2.5/contrib/librdns/rdns_event.h Examining data/rspamd-2.5/contrib/librdns/ref.h Examining data/rspamd-2.5/contrib/librdns/resolver.c Examining data/rspamd-2.5/contrib/librdns/upstream.h Examining data/rspamd-2.5/contrib/librdns/util.c Examining data/rspamd-2.5/contrib/librdns/util.h Examining data/rspamd-2.5/contrib/libucl/khash.h Examining data/rspamd-2.5/contrib/libucl/kvec.h Examining data/rspamd-2.5/contrib/libucl/lua_ucl.c Examining data/rspamd-2.5/contrib/libucl/lua_ucl.h Examining data/rspamd-2.5/contrib/libucl/tree.h Examining data/rspamd-2.5/contrib/libucl/ucl.h Examining data/rspamd-2.5/contrib/libucl/ucl_chartable.h Examining data/rspamd-2.5/contrib/libucl/ucl_emitter.c Examining data/rspamd-2.5/contrib/libucl/ucl_emitter_streamline.c Examining data/rspamd-2.5/contrib/libucl/ucl_hash.c Examining data/rspamd-2.5/contrib/libucl/ucl_hash.h Examining data/rspamd-2.5/contrib/libucl/ucl_internal.h Examining data/rspamd-2.5/contrib/libucl/ucl_msgpack.c Examining data/rspamd-2.5/contrib/libucl/ucl_parser.c Examining data/rspamd-2.5/contrib/libucl/ucl_schema.c Examining data/rspamd-2.5/contrib/libucl/ucl_sexp.c Examining data/rspamd-2.5/contrib/libucl/ucl_util.c Examining data/rspamd-2.5/contrib/lua-bit/bit.c Examining data/rspamd-2.5/contrib/lua-lpeg/lpcap.c Examining data/rspamd-2.5/contrib/lua-lpeg/lpcap.h Examining data/rspamd-2.5/contrib/lua-lpeg/lpcode.c Examining data/rspamd-2.5/contrib/lua-lpeg/lpcode.h Examining data/rspamd-2.5/contrib/lua-lpeg/lpprint.c Examining data/rspamd-2.5/contrib/lua-lpeg/lpprint.h Examining data/rspamd-2.5/contrib/lua-lpeg/lptree.c Examining data/rspamd-2.5/contrib/lua-lpeg/lptree.h Examining data/rspamd-2.5/contrib/lua-lpeg/lptypes.h Examining data/rspamd-2.5/contrib/lua-lpeg/lpvm.c Examining data/rspamd-2.5/contrib/lua-lpeg/lpvm.h Examining data/rspamd-2.5/contrib/mumhash/mum.h Examining data/rspamd-2.5/contrib/replxx/include/replxx.h Examining data/rspamd-2.5/contrib/replxx/src/escape.cxx Examining data/rspamd-2.5/contrib/replxx/src/history.cxx Examining data/rspamd-2.5/contrib/replxx/src/prompt.cxx Examining data/rspamd-2.5/contrib/replxx/src/replxx.cxx Examining data/rspamd-2.5/contrib/replxx/src/replxx_impl.cxx Examining data/rspamd-2.5/contrib/replxx/src/util.cxx Examining data/rspamd-2.5/contrib/replxx/src/wcwidth.cpp Examining data/rspamd-2.5/contrib/replxx/src/windows.cxx Examining data/rspamd-2.5/contrib/replxx/src/conversion.cxx Examining data/rspamd-2.5/contrib/replxx/src/io.cxx Examining data/rspamd-2.5/contrib/snowball/compiler/analyser.c Examining data/rspamd-2.5/contrib/snowball/compiler/driver.c Examining data/rspamd-2.5/contrib/snowball/compiler/generator.c Examining data/rspamd-2.5/contrib/snowball/compiler/header.h Examining data/rspamd-2.5/contrib/snowball/compiler/space.c Examining data/rspamd-2.5/contrib/snowball/compiler/syswords.h Examining data/rspamd-2.5/contrib/snowball/compiler/syswords2.h Examining data/rspamd-2.5/contrib/snowball/compiler/tokeniser.c Examining data/rspamd-2.5/contrib/snowball/include/libstemmer.h Examining data/rspamd-2.5/contrib/snowball/runtime/api.c Examining data/rspamd-2.5/contrib/snowball/runtime/api.h Examining data/rspamd-2.5/contrib/snowball/runtime/header.h Examining data/rspamd-2.5/contrib/snowball/runtime/utilities.c Examining data/rspamd-2.5/contrib/t1ha/t1ha.h Examining data/rspamd-2.5/contrib/t1ha/t1ha1.c Examining data/rspamd-2.5/contrib/t1ha/t1ha2.c Examining data/rspamd-2.5/contrib/t1ha/t1ha_bits.h Examining data/rspamd-2.5/contrib/uthash/uthash.h Examining data/rspamd-2.5/contrib/uthash/utlist.h Examining data/rspamd-2.5/contrib/uthash/utstring.h Examining data/rspamd-2.5/contrib/xxhash/xxhash.c Examining data/rspamd-2.5/contrib/xxhash/xxhash.h Examining data/rspamd-2.5/contrib/zstd/bitstream.h Examining data/rspamd-2.5/contrib/zstd/compiler.h Examining data/rspamd-2.5/contrib/zstd/cover.c Examining data/rspamd-2.5/contrib/zstd/divsufsort.c Examining data/rspamd-2.5/contrib/zstd/divsufsort.h Examining data/rspamd-2.5/contrib/zstd/entropy_common.c Examining data/rspamd-2.5/contrib/zstd/error_private.c Examining data/rspamd-2.5/contrib/zstd/error_private.h Examining data/rspamd-2.5/contrib/zstd/error_public.h Examining data/rspamd-2.5/contrib/zstd/fse.h Examining data/rspamd-2.5/contrib/zstd/fse_compress.c Examining data/rspamd-2.5/contrib/zstd/fse_decompress.c Examining data/rspamd-2.5/contrib/zstd/huf.h Examining data/rspamd-2.5/contrib/zstd/huf_compress.c Examining data/rspamd-2.5/contrib/zstd/huf_decompress.c Examining data/rspamd-2.5/contrib/zstd/mem.h Examining data/rspamd-2.5/contrib/zstd/pool.c Examining data/rspamd-2.5/contrib/zstd/pool.h Examining data/rspamd-2.5/contrib/zstd/threading.c Examining data/rspamd-2.5/contrib/zstd/threading.h Examining data/rspamd-2.5/contrib/zstd/zdict.c Examining data/rspamd-2.5/contrib/zstd/zdict.h Examining data/rspamd-2.5/contrib/zstd/zstd.h Examining data/rspamd-2.5/contrib/zstd/zstd_common.c Examining data/rspamd-2.5/contrib/zstd/zstd_compress.c Examining data/rspamd-2.5/contrib/zstd/zstd_compress.h Examining data/rspamd-2.5/contrib/zstd/zstd_decompress.c Examining data/rspamd-2.5/contrib/zstd/zstd_double_fast.c Examining data/rspamd-2.5/contrib/zstd/zstd_double_fast.h Examining data/rspamd-2.5/contrib/zstd/zstd_errors.h Examining data/rspamd-2.5/contrib/zstd/zstd_fast.c Examining data/rspamd-2.5/contrib/zstd/zstd_fast.h Examining data/rspamd-2.5/contrib/zstd/zstd_internal.h Examining data/rspamd-2.5/contrib/zstd/zstd_lazy.c Examining data/rspamd-2.5/contrib/zstd/zstd_lazy.h Examining data/rspamd-2.5/contrib/zstd/zstd_ldm.c Examining data/rspamd-2.5/contrib/zstd/zstd_ldm.h Examining data/rspamd-2.5/contrib/zstd/zstd_opt.c Examining data/rspamd-2.5/contrib/zstd/zstd_opt.h Examining data/rspamd-2.5/contrib/zstd/zstdmt_compress.c Examining data/rspamd-2.5/contrib/zstd/zstdmt_compress.h Examining data/rspamd-2.5/src/client/rspamc.c Examining data/rspamd-2.5/src/client/rspamdclient.c Examining data/rspamd-2.5/src/client/rspamdclient.h Examining data/rspamd-2.5/src/controller.c Examining data/rspamd-2.5/src/fuzzy_storage.c Examining data/rspamd-2.5/src/hs_helper.c Examining data/rspamd-2.5/src/libcryptobox/base64/avx2.c Examining data/rspamd-2.5/src/libcryptobox/base64/base64.c Examining data/rspamd-2.5/src/libcryptobox/base64/base64.h Examining data/rspamd-2.5/src/libcryptobox/base64/ref.c Examining data/rspamd-2.5/src/libcryptobox/base64/sse42.c Examining data/rspamd-2.5/src/libcryptobox/catena/catena.c Examining data/rspamd-2.5/src/libcryptobox/catena/catena.h Examining data/rspamd-2.5/src/libcryptobox/chacha20/chacha.c Examining data/rspamd-2.5/src/libcryptobox/chacha20/chacha.h Examining data/rspamd-2.5/src/libcryptobox/chacha20/ref.c Examining data/rspamd-2.5/src/libcryptobox/cryptobox.c Examining data/rspamd-2.5/src/libcryptobox/cryptobox.h Examining data/rspamd-2.5/src/libcryptobox/keypair.c Examining data/rspamd-2.5/src/libcryptobox/keypair.h Examining data/rspamd-2.5/src/libcryptobox/keypair_private.h Examining data/rspamd-2.5/src/libcryptobox/keypairs_cache.c Examining data/rspamd-2.5/src/libcryptobox/keypairs_cache.h Examining data/rspamd-2.5/src/libmime/archives.c Examining data/rspamd-2.5/src/libmime/archives.h Examining data/rspamd-2.5/src/libmime/content_type.c Examining data/rspamd-2.5/src/libmime/content_type.h Examining data/rspamd-2.5/src/libmime/email_addr.c Examining data/rspamd-2.5/src/libmime/email_addr.h Examining data/rspamd-2.5/src/libmime/images.c Examining data/rspamd-2.5/src/libmime/images.h Examining data/rspamd-2.5/src/libmime/lang_detection.c Examining data/rspamd-2.5/src/libmime/lang_detection.h Examining data/rspamd-2.5/src/libmime/message.c Examining data/rspamd-2.5/src/libmime/message.h Examining data/rspamd-2.5/src/libmime/mime_encoding.c Examining data/rspamd-2.5/src/libmime/mime_encoding.h Examining data/rspamd-2.5/src/libmime/mime_encoding_list.h Examining data/rspamd-2.5/src/libmime/mime_expressions.c Examining data/rspamd-2.5/src/libmime/mime_expressions.h Examining data/rspamd-2.5/src/libmime/mime_headers.c Examining data/rspamd-2.5/src/libmime/mime_headers.h Examining data/rspamd-2.5/src/libmime/mime_parser.c Examining data/rspamd-2.5/src/libmime/mime_parser.h Examining data/rspamd-2.5/src/libmime/scan_result.c Examining data/rspamd-2.5/src/libmime/scan_result.h Examining data/rspamd-2.5/src/libmime/scan_result_private.h Examining data/rspamd-2.5/src/libmime/smtp_parsers.h Examining data/rspamd-2.5/src/libserver/async_session.c Examining data/rspamd-2.5/src/libserver/async_session.h Examining data/rspamd-2.5/src/libserver/cfg_file.h Examining data/rspamd-2.5/src/libserver/cfg_file_private.h Examining data/rspamd-2.5/src/libserver/cfg_rcl.c Examining data/rspamd-2.5/src/libserver/cfg_rcl.h Examining data/rspamd-2.5/src/libserver/cfg_utils.c Examining data/rspamd-2.5/src/libserver/composites.c Examining data/rspamd-2.5/src/libserver/composites.h Examining data/rspamd-2.5/src/libserver/dkim.c Examining data/rspamd-2.5/src/libserver/dkim.h Examining data/rspamd-2.5/src/libserver/dns.c Examining data/rspamd-2.5/src/libserver/dns.h Examining data/rspamd-2.5/src/libserver/dynamic_cfg.c Examining data/rspamd-2.5/src/libserver/dynamic_cfg.h Examining data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend.c Examining data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend.h Examining data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend_redis.c Examining data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend_redis.h Examining data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend_sqlite.c Examining data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend_sqlite.h Examining data/rspamd-2.5/src/libserver/fuzzy_wire.h Examining data/rspamd-2.5/src/libserver/html.c Examining data/rspamd-2.5/src/libserver/html.h Examining data/rspamd-2.5/src/libserver/html_colors.h Examining data/rspamd-2.5/src/libserver/html_entities.h Examining data/rspamd-2.5/src/libserver/html_tags.h Examining data/rspamd-2.5/src/libserver/http/http_connection.c Examining data/rspamd-2.5/src/libserver/http/http_connection.h Examining data/rspamd-2.5/src/libserver/http/http_context.c Examining data/rspamd-2.5/src/libserver/http/http_context.h Examining data/rspamd-2.5/src/libserver/http/http_message.c Examining data/rspamd-2.5/src/libserver/http/http_message.h Examining data/rspamd-2.5/src/libserver/http/http_private.h Examining data/rspamd-2.5/src/libserver/http/http_router.c Examining data/rspamd-2.5/src/libserver/http/http_router.h Examining data/rspamd-2.5/src/libserver/http/http_util.c Examining data/rspamd-2.5/src/libserver/http/http_util.h Examining data/rspamd-2.5/src/libserver/logger.h Examining data/rspamd-2.5/src/libserver/logger/logger.c Examining data/rspamd-2.5/src/libserver/logger/logger_console.c Examining data/rspamd-2.5/src/libserver/logger/logger_file.c Examining data/rspamd-2.5/src/libserver/logger/logger_private.h Examining data/rspamd-2.5/src/libserver/logger/logger_syslog.c Examining data/rspamd-2.5/src/libserver/maps/map.c Examining data/rspamd-2.5/src/libserver/maps/map.h Examining data/rspamd-2.5/src/libserver/maps/map_helpers.c Examining data/rspamd-2.5/src/libserver/maps/map_helpers.h Examining data/rspamd-2.5/src/libserver/maps/map_private.h Examining data/rspamd-2.5/src/libserver/mempool_vars_internal.h Examining data/rspamd-2.5/src/libserver/milter.c Examining data/rspamd-2.5/src/libserver/milter.h Examining data/rspamd-2.5/src/libserver/milter_internal.h Examining data/rspamd-2.5/src/libserver/monitored.c Examining data/rspamd-2.5/src/libserver/monitored.h Examining data/rspamd-2.5/src/libserver/protocol.c Examining data/rspamd-2.5/src/libserver/protocol.h Examining data/rspamd-2.5/src/libserver/protocol_internal.h Examining data/rspamd-2.5/src/libserver/re_cache.c Examining data/rspamd-2.5/src/libserver/re_cache.h Examining data/rspamd-2.5/src/libserver/redis_pool.c Examining data/rspamd-2.5/src/libserver/redis_pool.h Examining data/rspamd-2.5/src/libserver/roll_history.c Examining data/rspamd-2.5/src/libserver/roll_history.h Examining data/rspamd-2.5/src/libserver/rspamd_control.c Examining data/rspamd-2.5/src/libserver/rspamd_control.h Examining data/rspamd-2.5/src/libserver/rspamd_symcache.c Examining data/rspamd-2.5/src/libserver/rspamd_symcache.h Examining data/rspamd-2.5/src/libserver/spf.c Examining data/rspamd-2.5/src/libserver/spf.h Examining data/rspamd-2.5/src/libserver/ssl_util.c Examining data/rspamd-2.5/src/libserver/ssl_util.h Examining data/rspamd-2.5/src/libserver/task.c Examining data/rspamd-2.5/src/libserver/task.h Examining data/rspamd-2.5/src/libserver/url.c Examining data/rspamd-2.5/src/libserver/url.h Examining data/rspamd-2.5/src/libserver/worker_util.c Examining data/rspamd-2.5/src/libserver/worker_util.h Examining data/rspamd-2.5/src/libstat/backends/backends.h Examining data/rspamd-2.5/src/libstat/backends/mmaped_file.c Examining data/rspamd-2.5/src/libstat/backends/redis_backend.c Examining data/rspamd-2.5/src/libstat/backends/sqlite3_backend.c Examining data/rspamd-2.5/src/libstat/classifiers/bayes.c Examining data/rspamd-2.5/src/libstat/classifiers/classifiers.h Examining data/rspamd-2.5/src/libstat/classifiers/lua_classifier.c Examining data/rspamd-2.5/src/libstat/learn_cache/learn_cache.h Examining data/rspamd-2.5/src/libstat/learn_cache/redis_cache.c Examining data/rspamd-2.5/src/libstat/learn_cache/sqlite3_cache.c Examining data/rspamd-2.5/src/libstat/stat_api.h Examining data/rspamd-2.5/src/libstat/stat_config.c Examining data/rspamd-2.5/src/libstat/stat_internal.h Examining data/rspamd-2.5/src/libstat/stat_process.c Examining data/rspamd-2.5/src/libstat/tokenizers/osb.c Examining data/rspamd-2.5/src/libstat/tokenizers/tokenizers.c Examining data/rspamd-2.5/src/libstat/tokenizers/tokenizers.h Examining data/rspamd-2.5/src/libutil/addr.c Examining data/rspamd-2.5/src/libutil/addr.h Examining data/rspamd-2.5/src/libutil/expression.c Examining data/rspamd-2.5/src/libutil/expression.h Examining data/rspamd-2.5/src/libutil/fstring.c Examining data/rspamd-2.5/src/libutil/fstring.h Examining data/rspamd-2.5/src/libutil/hash.c Examining data/rspamd-2.5/src/libutil/hash.h Examining data/rspamd-2.5/src/libutil/heap.c Examining data/rspamd-2.5/src/libutil/heap.h Examining data/rspamd-2.5/src/libutil/libev_helper.c Examining data/rspamd-2.5/src/libutil/libev_helper.h Examining data/rspamd-2.5/src/libutil/mem_pool.c Examining data/rspamd-2.5/src/libutil/mem_pool.h Examining data/rspamd-2.5/src/libutil/mem_pool_internal.h Examining data/rspamd-2.5/src/libutil/multipattern.c Examining data/rspamd-2.5/src/libutil/multipattern.h Examining data/rspamd-2.5/src/libutil/printf.c Examining data/rspamd-2.5/src/libutil/printf.h Examining data/rspamd-2.5/src/libutil/radix.c Examining data/rspamd-2.5/src/libutil/radix.h Examining data/rspamd-2.5/src/libutil/ref.h Examining data/rspamd-2.5/src/libutil/regexp.c Examining data/rspamd-2.5/src/libutil/regexp.h Examining data/rspamd-2.5/src/libutil/rrd.c Examining data/rspamd-2.5/src/libutil/rrd.h Examining data/rspamd-2.5/src/libutil/shingles.c Examining data/rspamd-2.5/src/libutil/shingles.h Examining data/rspamd-2.5/src/libutil/sqlite_utils.c Examining data/rspamd-2.5/src/libutil/sqlite_utils.h Examining data/rspamd-2.5/src/libutil/str_util.c Examining data/rspamd-2.5/src/libutil/str_util.h Examining data/rspamd-2.5/src/libutil/unix-std.h Examining data/rspamd-2.5/src/libutil/upstream.c Examining data/rspamd-2.5/src/libutil/upstream.h Examining data/rspamd-2.5/src/libutil/uthash_strcase.h Examining data/rspamd-2.5/src/libutil/util.c Examining data/rspamd-2.5/src/libutil/util.h Examining data/rspamd-2.5/src/lua/lua_cdb.c Examining data/rspamd-2.5/src/lua/lua_cfg_file.c Examining data/rspamd-2.5/src/lua/lua_classifier.c Examining data/rspamd-2.5/src/lua/lua_common.c Examining data/rspamd-2.5/src/lua/lua_common.h Examining data/rspamd-2.5/src/lua/lua_config.c Examining data/rspamd-2.5/src/lua/lua_cryptobox.c Examining data/rspamd-2.5/src/lua/lua_dns.c Examining data/rspamd-2.5/src/lua/lua_dns_resolver.c Examining data/rspamd-2.5/src/lua/lua_dns_resolver.h Examining data/rspamd-2.5/src/lua/lua_expression.c Examining data/rspamd-2.5/src/lua/lua_html.c Examining data/rspamd-2.5/src/lua/lua_http.c Examining data/rspamd-2.5/src/lua/lua_ip.c Examining data/rspamd-2.5/src/lua/lua_kann.c Examining data/rspamd-2.5/src/lua/lua_logger.c Examining data/rspamd-2.5/src/lua/lua_map.c Examining data/rspamd-2.5/src/lua/lua_map.h Examining data/rspamd-2.5/src/lua/lua_mempool.c Examining data/rspamd-2.5/src/lua/lua_mimepart.c Examining data/rspamd-2.5/src/lua/lua_redis.c Examining data/rspamd-2.5/src/lua/lua_regexp.c Examining data/rspamd-2.5/src/lua/lua_rsa.c Examining data/rspamd-2.5/src/lua/lua_spf.c Examining data/rspamd-2.5/src/lua/lua_sqlite3.c Examining data/rspamd-2.5/src/lua/lua_task.c Examining data/rspamd-2.5/src/lua/lua_tcp.c Examining data/rspamd-2.5/src/lua/lua_text.c Examining data/rspamd-2.5/src/lua/lua_thread_pool.c Examining data/rspamd-2.5/src/lua/lua_thread_pool.h Examining data/rspamd-2.5/src/lua/lua_trie.c Examining data/rspamd-2.5/src/lua/lua_udp.c Examining data/rspamd-2.5/src/lua/lua_upstream.c Examining data/rspamd-2.5/src/lua/lua_url.c Examining data/rspamd-2.5/src/lua/lua_util.c Examining data/rspamd-2.5/src/lua/lua_worker.c Examining data/rspamd-2.5/src/lua/lua_xmlrpc.c Examining data/rspamd-2.5/src/plugins/chartable.c Examining data/rspamd-2.5/src/plugins/dkim_check.c Examining data/rspamd-2.5/src/plugins/fuzzy_check.c Examining data/rspamd-2.5/src/plugins/regexp.c Examining data/rspamd-2.5/src/rspamadm/commands.c Examining data/rspamd-2.5/src/rspamadm/configdump.c Examining data/rspamd-2.5/src/rspamadm/confighelp.c Examining data/rspamd-2.5/src/rspamadm/configtest.c Examining data/rspamd-2.5/src/rspamadm/control.c Examining data/rspamd-2.5/src/rspamadm/dkim_keygen.c Examining data/rspamd-2.5/src/rspamadm/fuzzy_convert.c Examining data/rspamd-2.5/src/rspamadm/lua_repl.c Examining data/rspamd-2.5/src/rspamadm/pw.c Examining data/rspamd-2.5/src/rspamadm/rspamadm.c Examining data/rspamd-2.5/src/rspamadm/rspamadm.h Examining data/rspamd-2.5/src/rspamadm/signtool.c Examining data/rspamd-2.5/src/rspamadm/stat_convert.c Examining data/rspamd-2.5/src/rspamd.c Examining data/rspamd-2.5/src/rspamd.h Examining data/rspamd-2.5/src/rspamd_proxy.c Examining data/rspamd-2.5/src/worker.c Examining data/rspamd-2.5/src/worker_private.h Examining data/rspamd-2.5/test/rspamd_cryptobox_test.c Examining data/rspamd-2.5/test/rspamd_dkim_test.c Examining data/rspamd-2.5/test/rspamd_dns_test.c Examining data/rspamd-2.5/test/rspamd_heap_test.c Examining data/rspamd-2.5/test/rspamd_http_test.c Examining data/rspamd-2.5/test/rspamd_lua_pcall_vs_resume_test.c Examining data/rspamd-2.5/test/rspamd_lua_test.c Examining data/rspamd-2.5/test/rspamd_mem_pool_test.c Examining data/rspamd-2.5/test/rspamd_radix_test.c Examining data/rspamd-2.5/test/rspamd_rrd_test.c Examining data/rspamd-2.5/test/rspamd_shingles_test.c Examining data/rspamd-2.5/test/rspamd_statfile_test.c Examining data/rspamd-2.5/test/rspamd_test_suite.c Examining data/rspamd-2.5/test/rspamd_upstream_test.c Examining data/rspamd-2.5/test/rspamd_url_test.c Examining data/rspamd-2.5/test/tests.h Examining data/rspamd-2.5/utils/base64.c Examining data/rspamd-2.5/utils/content_type_bench.c Examining data/rspamd-2.5/utils/mime_tool.c Examining data/rspamd-2.5/utils/received_parser_bench.c Examining data/rspamd-2.5/utils/rspamd_http_bench.c Examining data/rspamd-2.5/utils/rspamd_http_server.c FINAL RESULTS: data/rspamd-2.5/contrib/replxx/src/history.cxx:54:2: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod( filename.c_str(), S_IRUSR | S_IWUSR ); data/rspamd-2.5/src/libserver/dynamic_cfg.c:361:6: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod (cfg->dynamic_conf, st.st_mode) == -1) { data/rspamd-2.5/src/libutil/addr.c:1106:9: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown (path, addr->u.un->owner, addr->u.un->group) == -1) { data/rspamd-2.5/src/libutil/addr.c:1113:8: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod (path, addr->u.un->mode) == -1) { data/rspamd-2.5/contrib/exim/dlfunc-json/rspamd.c:130:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf (CS arg_socket_addr, "%s %u", tcp_addr, &tcp_port) != 2 ) { data/rspamd-2.5/contrib/exim/local_scan.c:96:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (pszPath, "%s%s%sXXXXXX", pszDir, pszSep, pszPrefix); data/rspamd-2.5/contrib/exim/local_scan.c:144:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sCommand, "%s %s\r\n", command, value); data/rspamd-2.5/contrib/exim/local_scan.c:509:21: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf (tok, "%*s %d %s", &code, state) == 2) data/rspamd-2.5/contrib/exim/local_scan.c:669:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ssun.sun_path, socket_name); data/rspamd-2.5/contrib/hiredis/sds.c:370:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buf, buflen, fmt, cpy); data/rspamd-2.5/contrib/hiredis/sds.h:77:27: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((format(printf, 2, 3))); data/rspamd-2.5/contrib/libev/ev.c:4816:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (path, w->path); data/rspamd-2.5/contrib/librdns/logger.c:37:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf (stderr, format, args); data/rspamd-2.5/contrib/libucl/ucl_internal.h:103:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/rspamd-2.5/contrib/libucl/ucl_internal.h:103:18: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/rspamd-2.5/contrib/libucl/ucl_internal.h:104:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define vsnprintf _vsnprintf data/rspamd-2.5/contrib/libucl/ucl_internal.h:371:26: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__ (( format( printf, 2, 3) )); data/rspamd-2.5/contrib/libucl/ucl_schema.c:58:26: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__ (( format( printf, 4, 5) )); data/rspamd-2.5/contrib/libucl/ucl_schema.c:72:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf (err->msg, sizeof (err->msg), fmt, va); data/rspamd-2.5/contrib/libucl/ucl_util.c:98:64: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. static void *ucl_mmap(char *addr, size_t length, int prot, int access, int fd, off_t offset) data/rspamd-2.5/contrib/replxx/src/io.cxx:304:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( data/rspamd-2.5/contrib/replxx/src/prompt.cxx:7:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf // Microsoft headers use underscores in some names data/rspamd-2.5/contrib/replxx/src/prompt.cxx:7:18: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf // Microsoft headers use underscores in some names data/rspamd-2.5/contrib/replxx/src/replxx.cxx:230:31: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int size = static_cast<int>( vsnprintf( nullptr, 0, format_, ap ) ); data/rspamd-2.5/contrib/replxx/src/replxx.cxx:234:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf( buf.get(), static_cast<size_t>( size + 1 ), format_, ap ); data/rspamd-2.5/contrib/replxx/src/replxx.cxx:318:31: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int size = static_cast<int>( vsnprintf( nullptr, 0, format_, ap ) ); data/rspamd-2.5/contrib/replxx/src/replxx.cxx:322:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf( buf.get(), static_cast<size_t>( size + 1 ), format_, ap ); data/rspamd-2.5/contrib/replxx/src/replxx_impl.cxx:11:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf // Microsoft headers use underscores in some names data/rspamd-2.5/contrib/replxx/src/replxx_impl.cxx:11:18: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf // Microsoft headers use underscores in some names data/rspamd-2.5/contrib/uthash/uthash.h:277:29: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define HASH_OOPS(...) do { fprintf(stderr,__VA_ARGS__); exit(-1); } while (0) data/rspamd-2.5/contrib/uthash/utstring.h:132:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. n = vsnprintf (&s->d[s->i], s->n-s->i, fmt, cp); data/rspamd-2.5/contrib/uthash/utstring.h:148:28: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__ (( format( printf, 2, 3) )); data/rspamd-2.5/contrib/zstd/cover.c:49:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, __VA_ARGS__); \ data/rspamd-2.5/contrib/zstd/zdict.c:71:32: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define DISPLAY(...) { fprintf(stderr, __VA_ARGS__); fflush( stderr ); } data/rspamd-2.5/contrib/zstd/zstd_internal.h:64:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, __FILE__ ": "); \ data/rspamd-2.5/contrib/zstd/zstd_internal.h:65:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, __VA_ARGS__); \ data/rspamd-2.5/contrib/zstd/zstdmt_compress.c:37:52: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define DEBUGLOGRAW(l, ...) if (l<=ZSTD_DEBUG) { fprintf(stderr, __VA_ARGS__); } data/rspamd-2.5/src/client/rspamc.c:533:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stdout, data/rspamd-2.5/src/client/rspamc.c:1072:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (fmt_buf, "Pri", "Symbol", "Weight", "Frequency", "Hits"); data/rspamd-2.5/src/client/rspamc.c:1074:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (fmt_buf, "", "", "", "hits/min", ""); data/rspamd-2.5/src/client/rspamc.c:1103:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (fmt_buf, i, data/rspamd-2.5/src/controller.c:890:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access (bk->uri, W_OK) == 0) { data/rspamd-2.5/src/controller.c:893:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. else if (access (bk->uri, R_OK) == -1 && errno == ENOENT) { data/rspamd-2.5/src/controller.c:897:8: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access (fpath, W_OK) == 0) { data/rspamd-2.5/src/controller.c:951:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!editable && access (bk->uri, R_OK) == -1) { data/rspamd-2.5/src/libserver/cfg_utils.c:835:8: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access (fpath->str, R_OK) != -1) { data/rspamd-2.5/src/libserver/cfg_utils.c:851:8: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access (cfg->tld_file, R_OK) == -1) { data/rspamd-2.5/src/libserver/cfg_utils.c:960:7: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. r += vsnprintf (logbuf + r, sizeof (logbuf) - r, fmt, aq); data/rspamd-2.5/src/libserver/cfg_utils.c:981:7: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. r += vsnprintf (logbuf + r, sizeof (logbuf) - r, fmt, aq); data/rspamd-2.5/src/libserver/dynamic_cfg.c:320:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access (dir, W_OK | R_OK) == -1) { data/rspamd-2.5/src/libserver/maps/map.c:2470:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access (bk->uri, R_OK) == -1) { data/rspamd-2.5/src/libserver/worker_util.c:1821:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access (cfg->stats_file, R_OK) == -1) { data/rspamd-2.5/src/libutil/addr.c:1061:29: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (addr->af == AF_UNIX && access (addr->u.un->addr.sun_path, W_OK) != -1) { data/rspamd-2.5/src/libutil/rrd.c:1420:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access (path, R_OK) != -1) { data/rspamd-2.5/src/libutil/sqlite_utils.c:322:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access (pdir, W_OK) == -1) { data/rspamd-2.5/src/libutil/sqlite_utils.c:332:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access (path, R_OK) == -1) { data/rspamd-2.5/src/lua/lua_tcp.c:523:48: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. const char *err, ...) __attribute__ ((format(printf, 3, 4))); data/rspamd-2.5/src/lua/lua_util.c:3053:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access (fname, R_OK) == -1) { data/rspamd-2.5/contrib/libev/ev.c:3312:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. && getenv ("LIBEV_FLAGS")) data/rspamd-2.5/contrib/libev/ev.c:3313:23: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. flags = atoi (getenv ("LIBEV_FLAGS")); data/rspamd-2.5/contrib/libottery/ottery-threading.h:67:5: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(mutex); \ data/rspamd-2.5/contrib/libottery/ottery_global.c:42:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("VALGRIND")) { data/rspamd-2.5/contrib/libucl/ucl_util.c:188:22: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. #define ucl_realpath realpath data/rspamd-2.5/contrib/mumhash/mum.h:347:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand (seed); data/rspamd-2.5/contrib/replxx/src/replxx_impl.cxx:67:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char* term = getenv("TERM"); data/rspamd-2.5/contrib/replxx/src/util.cxx:115:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. static char const* TERM( getenv( "TERM" ) ); data/rspamd-2.5/contrib/zstd/threading.h:48:36: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. #define pthread_mutex_init(a,b) (InitializeCriticalSection((a)), 0) data/rspamd-2.5/contrib/zstd/threading.h:50:35: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. #define pthread_mutex_lock(a) EnterCriticalSection((a)) data/rspamd-2.5/src/controller.c:1772:7: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. if (realpath (filebuf, realbuf) == NULL || data/rspamd-2.5/src/libserver/cfg_utils.c:2720:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv ("LANG") == NULL) { data/rspamd-2.5/src/libserver/http/http_router.c:156:6: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. if (realpath (filebuf, realbuf) == NULL || data/rspamd-2.5/src/libserver/http/http_router.c:401:32: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. nrouter->default_fs_path = realpath (default_fs_path, NULL); data/rspamd-2.5/src/libutil/mem_pool.c:325:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. g_slice = getenv ("VALGRIND"); data/rspamd-2.5/src/libutil/regexp.c:1141:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv ("VALGRIND") == NULL) { data/rspamd-2.5/src/lua/lua_common.c:309:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. t = getenv ("RULESDIR"); data/rspamd-2.5/src/lua/lua_common.c:314:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. t = getenv ("LUALIBDIR"); data/rspamd-2.5/src/lua/lua_common.c:319:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. t = getenv ("LIBDIR"); data/rspamd-2.5/src/lua/lua_common.c:324:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. t = getenv ("RSPAMD_LIBDIR"); data/rspamd-2.5/src/rspamadm/lua_repl.c:970:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. homedir = getenv ("HOME"); data/rspamd-2.5/src/rspamadm/signtool.c:120:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. editor = getenv ("EDITOR"); data/rspamd-2.5/src/rspamadm/signtool.c:129:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. tmpdir = getenv ("TMPDIR"); data/rspamd-2.5/src/rspamd.c:462:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. e = getenv ("LISTEN_FDNAMES"); data/rspamd-2.5/src/rspamd.c:487:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. e = getenv ("LISTEN_FDS"); data/rspamd-2.5/src/rspamd.c:942:42: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. rspamd_mempool_strdup (cfg->cfg_pool, getenv ("TMPDIR")); data/rspamd-2.5/src/rspamd.c:1271:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv ("VALGRIND") != NULL) { data/rspamd-2.5/test/rspamd_http_test.c:272:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((env = getenv ("RSPAMD_HTTP_CONNS")) != NULL) { data/rspamd-2.5/test/rspamd_http_test.c:279:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((env = getenv ("RSPAMD_HTTP_TESTS")) != NULL) { data/rspamd-2.5/test/rspamd_http_test.c:282:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((env = getenv ("RSPAMD_HTTP_SIZE")) != NULL) { data/rspamd-2.5/test/rspamd_http_test.c:285:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((env = getenv ("RSPAMD_HTTP_SERVERS")) != NULL) { data/rspamd-2.5/test/rspamd_lua_test.c:80:12: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. if ((rp = realpath (lua_src, rp_buf)) == NULL) { data/rspamd-2.5/contrib/cdb/cdb.h:30:36: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned cdb_unpack(const unsigned char buf[4]); data/rspamd-2.5/contrib/cdb/cdb.h:31:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void cdb_pack(unsigned num, unsigned char buf[4]); data/rspamd-2.5/contrib/cdb/cdb.h:106:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char cdb_buf[4096]; /* write buffer */ data/rspamd-2.5/contrib/cdb/cdb_init.c:107:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, data, len); data/rspamd-2.5/contrib/cdb/cdb_init.c:118:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((nfd = open (cdbp->filename, O_RDONLY)) != -1) { data/rspamd-2.5/contrib/cdb/cdb_make.c:10:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void cdb_pack(unsigned num, unsigned char buf[4]) data/rspamd-2.5/contrib/cdb/cdb_make.c:62:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cdbmp->cdb_bpos, ptr, l); data/rspamd-2.5/contrib/cdb/cdb_make.c:78:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cdbmp->cdb_bpos, ptr, len); data/rspamd-2.5/contrib/cdb/cdb_make.c:186:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char rlen[8]; data/rspamd-2.5/contrib/cdb/cdb_make.c:409:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. cdb_unpack(const unsigned char buf[4]) data/rspamd-2.5/contrib/cdb/cdb_make.c:471:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char rbuf[64]; /* read buffer */ data/rspamd-2.5/contrib/exim/dlfunc-json/rspamd.c:48:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tcp_addr[15]; data/rspamd-2.5/contrib/exim/dlfunc-json/rspamd.c:60:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mbox_path[8192]; data/rspamd-2.5/contrib/exim/dlfunc-json/rspamd.c:111:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). mbox_file = fopen (mbox_path, "rb"); data/rspamd-2.5/contrib/exim/local_scan.c:97:11: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). iFd = mkstemp (pszPath); data/rspamd-2.5/contrib/exim/local_scan.c:107:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char psMsg [MAX_SIZE_FILE]; /* max size SO can swallow */ data/rspamd-2.5/contrib/exim/local_scan.c:140:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sCommand[1024]; data/rspamd-2.5/contrib/exim/local_scan.c:141:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char answ [3]; data/rspamd-2.5/contrib/exim/local_scan.c:207:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str [256], *rh; data/rspamd-2.5/contrib/exim/local_scan.c:239:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%d", message_size); data/rspamd-2.5/contrib/exim/local_scan.c:244:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%d", recipients_count); data/rspamd-2.5/contrib/exim/local_scan.c:257:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (sFile, O_RDONLY); data/rspamd-2.5/contrib/exim/local_scan.c:331:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char answ [4]; data/rspamd-2.5/contrib/exim/local_scan.c:491:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char answ [4096], state[6], metric[128], back; data/rspamd-2.5/contrib/exim/local_scan.c:650:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sFileInp [MAX_PATH + 81]; data/rspamd-2.5/contrib/fpconv/fpconv.c:209:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (d, digits, ndigits); data/rspamd-2.5/contrib/fpconv/fpconv.c:237:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest + idx, digits + 1, ndigits - 1); data/rspamd-2.5/contrib/fpconv/fpconv.c:304:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest + offset + 2, digits, precision); data/rspamd-2.5/contrib/fpconv/fpconv.c:310:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest + offset + 2, digits, ndigits); data/rspamd-2.5/contrib/fpconv/fpconv.c:318:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest + offset + 2, digits, ndigits); data/rspamd-2.5/contrib/fpconv/fpconv.c:335:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d, digits, offset); data/rspamd-2.5/contrib/fpconv/fpconv.c:344:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d, digits + offset, precision); data/rspamd-2.5/contrib/fpconv/fpconv.c:349:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d, digits + offset, ndigits); data/rspamd-2.5/contrib/fpconv/fpconv.c:365:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d, digits + offset, ndigits); data/rspamd-2.5/contrib/fpconv/fpconv.c:449:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. fpconv_dtoa (double d, char dest[FPCONV_BUFLEN], data/rspamd-2.5/contrib/fpconv/fpconv.c:452:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char digits[18]; data/rspamd-2.5/contrib/fpconv/fpconv.h:30:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int fpconv_dtoa(double fp, char dest[FPCONV_BUFLEN], unsigned precision, data/rspamd-2.5/contrib/hiredis/async.c:72:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dup,src,sizeof(*dup)); data/rspamd-2.5/contrib/hiredis/async.c:238:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cb,source,sizeof(*cb)); data/rspamd-2.5/contrib/hiredis/async.c:260:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(target,cb,sizeof(*cb)); data/rspamd-2.5/contrib/hiredis/async.c:393:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstcb,dictGetEntryVal(de),sizeof(*dstcb)); data/rspamd-2.5/contrib/hiredis/hiredis.c:121:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf,str,len); data/rspamd-2.5/contrib/hiredis/hiredis.c:280:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _format[16]; data/rspamd-2.5/contrib/hiredis/hiredis.c:359:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_format,c,_l); data/rspamd-2.5/contrib/hiredis/hiredis.c:403:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. pos = sprintf(cmd,"*%d\r\n",argc); data/rspamd-2.5/contrib/hiredis/hiredis.c:405:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. pos += sprintf(cmd+pos,"$%zu\r\n",sdslen(curargv[j])); data/rspamd-2.5/contrib/hiredis/hiredis.c:406:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd+pos,curargv[j],sdslen(curargv[j])); data/rspamd-2.5/contrib/hiredis/hiredis.c:552:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. pos = sprintf(cmd,"*%d\r\n",argc); data/rspamd-2.5/contrib/hiredis/hiredis.c:555:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. pos += sprintf(cmd+pos,"$%zu\r\n",len); data/rspamd-2.5/contrib/hiredis/hiredis.c:556:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd+pos,argv[j],len); data/rspamd-2.5/contrib/hiredis/hiredis.c:579:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c->errstr,str,len); data/rspamd-2.5/contrib/hiredis/hiredis.c:799:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024*16]; data/rspamd-2.5/contrib/hiredis/hiredis.h:143:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[128]; /* String representation of error when applicable */ data/rspamd-2.5/contrib/hiredis/net.c:68:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128] = { 0 }; data/rspamd-2.5/contrib/hiredis/net.c:265:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _port[6]; /* strlen("65535"); */ data/rspamd-2.5/contrib/hiredis/net.c:293:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c->timeout, timeout, sizeof(struct timeval)); data/rspamd-2.5/contrib/hiredis/net.c:342:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/rspamd-2.5/contrib/hiredis/net.c:364:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/rspamd-2.5/contrib/hiredis/net.c:397:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/rspamd-2.5/contrib/hiredis/net.c:439:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c->timeout, timeout, sizeof(struct timeval)); data/rspamd-2.5/contrib/hiredis/read.c:68:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->errstr,str,len); data/rspamd-2.5/contrib/hiredis/read.c:97:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cbuf[8], sbuf[128]; data/rspamd-2.5/contrib/hiredis/read.h:82:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[128]; /* String representation of error when applicable */ data/rspamd-2.5/contrib/hiredis/sds.c:63:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sh->buf, init, initlen); data/rspamd-2.5/contrib/hiredis/sds.c:244:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s+curlen, t, len); data/rspamd-2.5/contrib/hiredis/sds.c:279:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, t, len); data/rspamd-2.5/contrib/hiredis/sds.c:460:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s+i,str,l); data/rspamd-2.5/contrib/hiredis/sds.c:472:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SDS_LLSTR_SIZE]; data/rspamd-2.5/contrib/hiredis/sds.c:478:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s+i,buf,l); data/rspamd-2.5/contrib/hiredis/sds.c:494:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SDS_LLSTR_SIZE]; data/rspamd-2.5/contrib/hiredis/sds.c:500:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s+i,buf,l); data/rspamd-2.5/contrib/hiredis/sds.c:720:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32], *p; data/rspamd-2.5/contrib/http-parser/http_parser.c:142:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char tokens[256] = { data/rspamd-2.5/contrib/kann/kann.c:30:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&x[j], v->x, l * sizeof(float)); data/rspamd-2.5/contrib/kann/kann.c:37:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&c[k], v->x, l * sizeof(float)); data/rspamd-2.5/contrib/kann/kann.c:212:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (q->x) memcpy(p->x, q->x, kad_len(p) * sizeof(float)); data/rspamd-2.5/contrib/kann/kann.c:369:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mt->mt[i].a->x, a->x, n_var * sizeof(float)); data/rspamd-2.5/contrib/kann/kann.c:403:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p->x[k], q->x, kad_len(q) * sizeof(float)); data/rspamd-2.5/contrib/kann/kann.c:430:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p->x[(i * B + k) * d1], &q->x[i * size * d1], size * d1 * sizeof(float)); data/rspamd-2.5/contrib/kann/kann.c:488:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fn && strcmp(fn, "-")? fopen(fn, "wb") : stdout; data/rspamd-2.5/contrib/kann/kann.c:495:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magic[4]; data/rspamd-2.5/contrib/kann/kann.c:521:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fn && strcmp(fn, "-")? fopen(fn, "rb") : stdin; data/rspamd-2.5/contrib/kann/kann.c:541:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->d, d, n_d * sizeof(int32_t)); data/rspamd-2.5/contrib/kann/kann.c:897:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&x1[b*n_in], x[shuf[n_proc+b]], n_in * sizeof(float)); data/rspamd-2.5/contrib/kann/kann.c:898:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&y1[b*n_out], y[shuf[n_proc+b]], n_out * sizeof(float)); data/rspamd-2.5/contrib/kann/kann.c:913:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&x1[b*n_in], x[n_train+n_proc+b], n_in * sizeof(float)); data/rspamd-2.5/contrib/kann/kann.c:914:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&y1[b*n_out], y[n_train+n_proc+b], n_out * sizeof(float)); data/rspamd-2.5/contrib/kann/kann.c:938:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(min_x, ann->x, n_var * sizeof(float)); data/rspamd-2.5/contrib/kann/kann.c:939:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(min_c, ann->c, n_const * sizeof(float)); data/rspamd-2.5/contrib/kann/kann.c:947:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ann->x, min_x, n_var * sizeof(float)); data/rspamd-2.5/contrib/kann/kann.c:948:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ann->c, min_c, n_const * sizeof(float)); data/rspamd-2.5/contrib/kann/kann.c:973:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&x1[b*n_in], x[n_proc+b], n_in * sizeof(float)); data/rspamd-2.5/contrib/kann/kann.c:974:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&y1[b*n_out], y[n_proc+b], n_out * sizeof(float)); data/rspamd-2.5/contrib/kann/kautodiff.c:683:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(q, p, sizeof(kad_node_t)); data/rspamd-2.5/contrib/kann/kautodiff.c:690:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(q->ptr, p->ptr, p->ptr_size); data/rspamd-2.5/contrib/kann/kautodiff.c:715:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(q->x, p->x, kad_len(p) * sizeof(float)); data/rspamd-2.5/contrib/kann/kautodiff.c:1042:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (src->n_d) memcpy(dst->d, src->d, src->n_d * sizeof(int)); data/rspamd-2.5/contrib/kann/kautodiff.c:1059:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->x, q[0]->x, n0 * sizeof(float)); data/rspamd-2.5/contrib/kann/kautodiff.c:1083:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->x, q[0]->x, n0 * sizeof(float)); data/rspamd-2.5/contrib/kann/kautodiff.c:1372:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p->x[i * p->d[axis] * d1], &q->x[(i * q->d[axis] + range[0]) * d1], (range[1] - range[0]) * d1 * sizeof(float)); data/rspamd-2.5/contrib/kann/kautodiff.c:1403:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p->x[(i * p->d[axis] + k) * d1], &q->x[i * q->d[axis] * d1], q->d[axis] * d1 * sizeof(float)); data/rspamd-2.5/contrib/kann/kautodiff.c:1447:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->x, q->x, kad_len(p) * sizeof(float)); data/rspamd-2.5/contrib/kann/kautodiff.c:1470:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p->x[(i * n + n - 1 - j) * d1], &q->x[(i * n + j) * d1], d1 * sizeof(float)); data/rspamd-2.5/contrib/kann/kautodiff.c:1789:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->x, q->x, n * sizeof(float)); data/rspamd-2.5/contrib/kann/kautodiff.c:1816:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->x, q->x, n * sizeof(float)); data/rspamd-2.5/contrib/kann/kautodiff.c:1845:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p->x[i * n], p->child[i]->x, n * sizeof(float)); data/rspamd-2.5/contrib/kann/kautodiff.c:1871:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->x, q->x, n * sizeof(float)); data/rspamd-2.5/contrib/kann/kautodiff.c:1968:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(x_padded + aux[1].pad[0], _xx, q->d[3] * sizeof(float)); \ data/rspamd-2.5/contrib/kann/kautodiff.c:1986:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(x_padded + aux[1].pad[0] * q->d[1], _xx, q->d[3] * q->d[1] * sizeof(float)); \ data/rspamd-2.5/contrib/kann/kautodiff.c:2127:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(x_padded + aux->pad[0], _xx, q->d[2] * sizeof(float)); \ data/rspamd-2.5/contrib/kann/kautodiff.c:2142:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(x_padded + aux->pad[0] * q->d[1], _xx, q->d[2] * q->d[1] * sizeof(float)); \ data/rspamd-2.5/contrib/kann/kautodiff.c:2324:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *kad_op_name[KAD_MAX_OP] = { data/rspamd-2.5/contrib/kann/kautodiff.c:2390:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&g0[k], a[i]->g, kad_len(a[i]) * sizeof(float)); data/rspamd-2.5/contrib/kann/kautodiff.h:237:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *kad_op_name[KAD_MAX_OP]; data/rspamd-2.5/contrib/lc-btrie/btrie.c:772:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data_beg, old_data_beg, di * sizeof(data_beg[0])); data/rspamd-2.5/contrib/lc-btrie/btrie.c:773:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&data_beg[di + 1], &old_data_beg[di], data/rspamd-2.5/contrib/lc-btrie/btrie.c:839:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data_beg, old_data_beg, data/rspamd-2.5/contrib/lc-btrie/btrie.c:841:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&node->ptr.children[ci + 1], &old_children[ci], data/rspamd-2.5/contrib/lc-btrie/btrie.c:913:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(node->prefix, prefix + lc_shift (pos), LC_BYTES_PER_NODE); data/rspamd-2.5/contrib/lc-btrie/btrie.c:921:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(node->prefix, prefix + lc_shift (pos), nbytes - lc_shift (pos)); data/rspamd-2.5/contrib/lc-btrie/btrie.c:942:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(node->prefix + shift, child->prefix, lc_bytes (child, end)); data/rspamd-2.5/contrib/lc-btrie/btrie.c:953:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(node->prefix + shift, child->prefix, data/rspamd-2.5/contrib/lc-btrie/btrie.c:1239:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(node->ptr.data_end - (int )ndata, data, ndata * sizeof(data[0])); data/rspamd-2.5/contrib/lc-btrie/btrie.c:1240:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(node->ptr.children, children, nchildren * sizeof(children[0])); data/rspamd-2.5/contrib/lc-btrie/btrie.c:1491:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[128]; data/rspamd-2.5/contrib/lc-btrie/btrie.c:1614:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prefix[lc_shift (pos)], node->prefix, lc_bytes (node, pos)); data/rspamd-2.5/contrib/lc-btrie/btrie.c:2547:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prefix[lc_shift(pos)], node->prefix, lc_bytes(node, pos)); data/rspamd-2.5/contrib/lc-btrie/btrie.c:2591:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. parse_prefix(const char *arg, btrie_oct_t prefix[16], unsigned *len) data/rspamd-2.5/contrib/lc-btrie/btrie.c:2593:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addrbuf[128]; data/rspamd-2.5/contrib/libev/ev.c:557:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[128 - sizeof (uint32_t)]; data/rspamd-2.5/contrib/libev/ev.c:1373:58: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ecb_inline void ecb_poke_u16_u (void *ptr, uint16_t v) { memcpy (ptr, &v, sizeof (v)); } data/rspamd-2.5/contrib/libev/ev.c:1374:58: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ecb_inline void ecb_poke_u32_u (void *ptr, uint32_t v) { memcpy (ptr, &v, sizeof (v)); } data/rspamd-2.5/contrib/libev/ev.c:1375:58: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ecb_inline void ecb_poke_u64_u (void *ptr, uint64_t v) { memcpy (ptr, &v, sizeof (v)); } data/rspamd-2.5/contrib/libev/ev.c:1406:67: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. template<typename T> inline void ecb_poke_u (void *ptr, T v) { memcpy (ptr, &v, sizeof (v)); } data/rspamd-2.5/contrib/libev/ev.c:1603:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&r, &x, 4); data/rspamd-2.5/contrib/libev/ev.c:1643:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&r, &x, 4); data/rspamd-2.5/contrib/libev/ev.c:1673:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&r, &x, 8); data/rspamd-2.5/contrib/libev/ev.c:1713:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&r, &x, 8); data/rspamd-2.5/contrib/libev/ev.c:2849:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dummy[4]; data/rspamd-2.5/contrib/libev/ev.c:3313:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). flags = atoi (getenv ("LIBEV_FLAGS")); data/rspamd-2.5/contrib/libev/ev.c:4815:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path [4096]; data/rspamd-2.5/contrib/libev/ev.c:4897:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf [EV_INOTIFY_BUFSIZE]; data/rspamd-2.5/contrib/libev/ev.c:5586:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. cb (EV_A_ EV_STAT, ((char *)ANHE_w (timers [i])) - offsetof (struct ev_stat, timer)); data/rspamd-2.5/contrib/libev/ev_select.c:155:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (vec_ro, vec_ri, fd_setsize); data/rspamd-2.5/contrib/libev/ev_select.c:156:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (vec_wo, vec_wi, fd_setsize); data/rspamd-2.5/contrib/libev/ev_select.c:164:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (vec_eo, vec_wi, fd_setsize); data/rspamd-2.5/contrib/libottery/chacha_cryptobox.c:48:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (output, &idx, sizeof (idx)); data/rspamd-2.5/contrib/libottery/chacha_merged.c:37:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char sigma[16] = "expand 32-byte k"; data/rspamd-2.5/contrib/libottery/ottery.c:153:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[WIPE_STACK_LEN]; data/rspamd-2.5/contrib/libottery/ottery.c:363:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&st->entropy_config, &config->entropy_config, data/rspamd-2.5/contrib/libottery/ottery.c:367:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&st->prf, prf, sizeof(*prf)); data/rspamd-2.5/contrib/libottery/ottery.c:641:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, st->buffer+st->pos, n); data/rspamd-2.5/contrib/libottery/ottery.c:646:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, st->buffer+st->pos, cpy); data/rspamd-2.5/contrib/libottery/ottery.c:650:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, st->buffer+st->pos, n); data/rspamd-2.5/contrib/libottery/ottery.c:672:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, st->buffer + st->pos, cpy); data/rspamd-2.5/contrib/libottery/ottery.c:684:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, st->buffer, st->prf.output_len); data/rspamd-2.5/contrib/libottery/ottery.c:719:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&r, p, sizeof(type)); \ data/rspamd-2.5/contrib/libottery/ottery_entropy_egd.c:29:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char msg[2]; data/rspamd-2.5/contrib/libottery/ottery_entropy_rdrand.c:41:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (out, &up, sizeof (up)); data/rspamd-2.5/contrib/libottery/ottery_entropy_rdrand.c:49:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, &up, outlen); data/rspamd-2.5/contrib/libottery/ottery_entropy_urandom.c:79:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(urandom_fname, O_RDONLY|O_CLOEXEC); data/rspamd-2.5/contrib/librdns/compression.c:109:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (target, &pointer, sizeof (pointer)); data/rspamd-2.5/contrib/librdns/compression.c:144:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (target, pos, label_len); data/rspamd-2.5/contrib/librdns/curve.c:68:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pk[crypto_box_PUBLICKEYBYTES]; data/rspamd-2.5/contrib/librdns/curve.c:73:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k[crypto_box_BEFORENMBYTES]; data/rspamd-2.5/contrib/librdns/curve.c:79:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pk[crypto_box_PUBLICKEYBYTES]; data/rspamd-2.5/contrib/librdns/curve.c:80:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sk[crypto_box_SECRETKEYBYTES]; data/rspamd-2.5/contrib/librdns/curve.c:92:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char nonce[crypto_box_NONCEBYTES]; data/rspamd-2.5/contrib/librdns/curve.c:319:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (creq->nonce, &ctx->cur_key->counter, sizeof (uint64_t)); data/rspamd-2.5/contrib/librdns/curve.c:324:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m + crypto_box_ZEROBYTES, req->packet, req->pos); data/rspamd-2.5/contrib/librdns/curve.c:374:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char enonce[crypto_box_NONCEBYTES]; data/rspamd-2.5/contrib/librdns/curve.c:394:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (enonce, p, crypto_box_NONCEBYTES); data/rspamd-2.5/contrib/librdns/curve.c:404:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (box + crypto_box_BOXZEROBYTES, p, data/rspamd-2.5/contrib/librdns/curve.c:408:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, box + crypto_box_ZEROBYTES, data/rspamd-2.5/contrib/librdns/curve.c:722:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (creq->nonce, &ctx->cur_key->counter, sizeof (uint64_t)); data/rspamd-2.5/contrib/librdns/curve.c:728:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m + crypto_box_ZEROBYTES, req->packet, req->pos); data/rspamd-2.5/contrib/librdns/curve.c:785:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char enonce[24]; data/rspamd-2.5/contrib/librdns/curve.c:806:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (enonce, p, rspamd_cryptobox_nonce_bytes (RSPAMD_CRYPTOBOX_MODE_25519)); data/rspamd-2.5/contrib/librdns/curve.c:817:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (box + crypto_box_BOXZEROBYTES, p, data/rspamd-2.5/contrib/librdns/curve.c:824:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, box + crypto_box_ZEROBYTES, data/rspamd-2.5/contrib/librdns/dns_private.h:121:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char request[0]; data/rspamd-2.5/contrib/librdns/packet.c:100:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_label[DNS_D_MAXLABEL]; data/rspamd-2.5/contrib/librdns/packet.c:124:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (o, in, inlen); data/rspamd-2.5/contrib/librdns/packet.c:154:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (o, tmp_label, punylabel_len); data/rspamd-2.5/contrib/librdns/packet.c:193:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (o, p, label_len); data/rspamd-2.5/contrib/librdns/packet.c:212:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (o, p, label_len); data/rspamd-2.5/contrib/librdns/parse.c:220:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (t, l + 1, *l); data/rspamd-2.5/contrib/librdns/parse.c:225:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (t, p + 1, *p); data/rspamd-2.5/contrib/librdns/parse.c:279:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&elt->content.a.addr, p, sizeof (struct in_addr)); data/rspamd-2.5/contrib/librdns/parse.c:291:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&elt->content.aaa.addr, p, sizeof (struct in6_addr)); data/rspamd-2.5/contrib/librdns/parse.c:358:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (elt->content.txt.data + copied, p + 1, txtlen); data/rspamd-2.5/contrib/librdns/parse.c:401:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (elt->content.tlsa.data, p, datalen); data/rspamd-2.5/contrib/librdns/punycode.c:121:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (out, "xn--", 4); data/rspamd-2.5/contrib/librdns/rdns_ev.h:76:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ptr, (void *)&ev_ctx, sizeof (struct rdns_async_context)); data/rspamd-2.5/contrib/librdns/rdns_event.h:73:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (nctx, &ev_ctx, sizeof (struct rdns_async_context)); data/rspamd-2.5/contrib/librdns/resolver.c:618:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fake_buf[MAX_FAKE_NAME + sizeof (struct rdns_fake_reply_idx) + 16]; data/rspamd-2.5/contrib/librdns/resolver.c:711:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (idx->request, cur_name, clen); data/rspamd-2.5/contrib/librdns/resolver.c:1099:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (srch->request, name, len); data/rspamd-2.5/contrib/librdns/resolver.c:1120:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&fake_rep->key, srch, sizeof (*srch) + len); data/rspamd-2.5/contrib/librdns/upstream.h:139:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (nup, cd->upstreams, cd->nelts * sizeof (void *)); \ data/rspamd-2.5/contrib/librdns/util.c:157:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char portbuf[8]; data/rspamd-2.5/contrib/librdns/util.c:187:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cpy, &un, *psocklen); data/rspamd-2.5/contrib/librdns/util.c:223:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cpy, *psockaddr, *psocklen); data/rspamd-2.5/contrib/librdns/util.c:243:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char numbuf[16]; data/rspamd-2.5/contrib/librdns/util.c:596:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cpy_buf, c, p - c); data/rspamd-2.5/contrib/librdns/util.c:626:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/rspamd-2.5/contrib/librdns/util.c:630:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). in = fopen (path, "r"); data/rspamd-2.5/contrib/libucl/kvec.h:90:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((v1).a, (v0).a, sizeof(type) * (v0).n); \ data/rspamd-2.5/contrib/libucl/kvec.h:112:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((v1).a + (v1).n, (v0).a, sizeof(type) * (v0).n); \ data/rspamd-2.5/contrib/libucl/kvec.h:136:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((v1).a, (v0).a, sizeof(type) * (v0).n); \ data/rspamd-2.5/contrib/libucl/kvec.h:157:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((v1).a + (v1).n, (v0).a, sizeof(type) * (v0).n); \ data/rspamd-2.5/contrib/libucl/ucl.h:1578:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; /**< error message */ data/rspamd-2.5/contrib/libucl/ucl_emitter.c:1018:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char intbuf[64]; data/rspamd-2.5/contrib/libucl/ucl_emitter.c:1029:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nbuf[64]; data/rspamd-2.5/contrib/libucl/ucl_emitter.c:1102:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ip, &fd, sizeof (fd)); data/rspamd-2.5/contrib/libucl/ucl_emitter_streamline.c:80:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (sctx, ctx, sizeof (*ctx)); data/rspamd-2.5/contrib/libucl/ucl_msgpack.c:104:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[sizeof(uint64_t) + 1]; data/rspamd-2.5/contrib/libucl/ucl_msgpack.c:126:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&buf[1], &v, sizeof (v)); data/rspamd-2.5/contrib/libucl/ucl_msgpack.c:133:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&buf[1], &v, sizeof (v)); data/rspamd-2.5/contrib/libucl/ucl_msgpack.c:140:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&buf[1], &v, sizeof (v)); data/rspamd-2.5/contrib/libucl/ucl_msgpack.c:163:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&buf[1], &v, sizeof (v)); data/rspamd-2.5/contrib/libucl/ucl_msgpack.c:170:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&buf[1], &v, sizeof (v)); data/rspamd-2.5/contrib/libucl/ucl_msgpack.c:177:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&buf[1], &v, sizeof (v)); data/rspamd-2.5/contrib/libucl/ucl_msgpack.c:193:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[sizeof(double) + 1]; data/rspamd-2.5/contrib/libucl/ucl_msgpack.c:200:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&buf[1], &u.d, sizeof (double)); data/rspamd-2.5/contrib/libucl/ucl_msgpack.c:219:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[5]; data/rspamd-2.5/contrib/libucl/ucl_msgpack.c:236:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&buf[1], &bl, sizeof (bl)); data/rspamd-2.5/contrib/libucl/ucl_msgpack.c:243:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&buf[1], &bl, sizeof (bl)); data/rspamd-2.5/contrib/libucl/ucl_msgpack.c:256:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[5]; data/rspamd-2.5/contrib/libucl/ucl_msgpack.c:269:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&buf[1], &bl, sizeof (bl)); data/rspamd-2.5/contrib/libucl/ucl_msgpack.c:276:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&buf[1], &bl, sizeof (bl)); data/rspamd-2.5/contrib/libucl/ucl_msgpack.c:306:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[5]; data/rspamd-2.5/contrib/libucl/ucl_msgpack.c:318:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&buf[1], &bl, sizeof (bl)); data/rspamd-2.5/contrib/libucl/ucl_msgpack.c:325:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&buf[1], &bl, sizeof (bl)); data/rspamd-2.5/contrib/libucl/ucl_msgpack.c:336:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[5]; data/rspamd-2.5/contrib/libucl/ucl_msgpack.c:348:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&buf[1], &bl, sizeof (bl)); data/rspamd-2.5/contrib/libucl/ucl_msgpack.c:355:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&buf[1], &bl, sizeof (bl)); data/rspamd-2.5/contrib/libucl/ucl_msgpack.c:1392:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (obj->trash_stack[UCL_TRASH_VALUE], pos, len); data/rspamd-2.5/contrib/libucl/ucl_parser.c:454:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (d, var->value, var->value_len); data/rspamd-2.5/contrib/libucl/ucl_parser.c:466:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (d, dst, dstlen); data/rspamd-2.5/contrib/libucl/ucl_parser.c:477:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (d, ptr, 2); data/rspamd-2.5/contrib/libucl/ucl_parser.c:482:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (d, ptr, 1); data/rspamd-2.5/contrib/libucl/ucl_parser.c:1169:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[256]; data/rspamd-2.5/contrib/libucl/ucl_util.c:95:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define open _open data/rspamd-2.5/contrib/libucl/ucl_util.c:147:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAX_PATH + 1]; data/rspamd-2.5/contrib/libucl/ucl_util.c:160:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char path_buffer[_MAX_PATH]; data/rspamd-2.5/contrib/libucl/ucl_util.c:161:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char drive[_MAX_DRIVE]; data/rspamd-2.5/contrib/libucl/ucl_util.c:162:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir[_MAX_DIR]; data/rspamd-2.5/contrib/libucl/ucl_util.c:163:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[_MAX_FNAME]; data/rspamd-2.5/contrib/libucl/ucl_util.c:164:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ext[_MAX_EXT]; data/rspamd-2.5/contrib/libucl/ucl_util.c:174:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char path_buffer[_MAX_PATH]; data/rspamd-2.5/contrib/libucl/ucl_util.c:175:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char drive[_MAX_DRIVE]; data/rspamd-2.5/contrib/libucl/ucl_util.c:176:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir[_MAX_DIR]; data/rspamd-2.5/contrib/libucl/ucl_util.c:177:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[_MAX_FNAME]; data/rspamd-2.5/contrib/libucl/ucl_util.c:178:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ext[_MAX_EXT]; data/rspamd-2.5/contrib/libucl/ucl_util.c:509:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (deconst->trash_stack[UCL_TRASH_KEY], obj->key, obj->keylen); data/rspamd-2.5/contrib/libucl/ucl_util.c:564:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (deconst->trash_stack[UCL_TRASH_VALUE], data/rspamd-2.5/contrib/libucl/ucl_util.c:573:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (deconst->trash_stack[UCL_TRASH_VALUE], data/rspamd-2.5/contrib/libucl/ucl_util.c:773:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&(cbdata->buf[cbdata->buflen]), contents, realsize); data/rspamd-2.5/contrib/libucl/ucl_util.c:911:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (filename, O_RDONLY)) == -1) { data/rspamd-2.5/contrib/libucl/ucl_util.c:938:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dig[EVP_MAX_MD_SIZE]; data/rspamd-2.5/contrib/libucl/ucl_util.c:1012:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char urlbuf[PATH_MAX]; data/rspamd-2.5/contrib/libucl/ucl_util.c:1085:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filebuf[PATH_MAX], realbuf[PATH_MAX]; data/rspamd-2.5/contrib/libucl/ucl_util.c:1409:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char glob_pattern[PATH_MAX]; data/rspamd-2.5/contrib/libucl/ucl_util.c:1499:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipath[PATH_MAX]; data/rspamd-2.5/contrib/libucl/ucl_util.c:1953:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char realbuf[PATH_MAX], *curdir; data/rspamd-2.5/contrib/libucl/ucl_util.c:1994:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char realbuf[PATH_MAX]; data/rspamd-2.5/contrib/libucl/ucl_util.c:2130:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dst, src, siz - 1); data/rspamd-2.5/contrib/libucl/ucl_util.c:2761:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char safe_iter_magic[4] = {'u', 'i', 't', 'e'}; data/rspamd-2.5/contrib/libucl/ucl_util.c:2763:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magic[4]; /* safety check */ data/rspamd-2.5/contrib/libucl/ucl_util.c:3577:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (new, other, sizeof (*new)); data/rspamd-2.5/contrib/lua-bit/bit.c:137:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8]; data/rspamd-2.5/contrib/lua-lpeg/lpcap.c:283:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). assert(captype(open) == Cgroup); data/rspamd-2.5/contrib/lua-lpeg/lpcap.c:284:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). id = finddyncap(open, close); /* get first dynamic capture argument */ data/rspamd-2.5/contrib/lua-lpeg/lpcap.c:287:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cs->cap = open; cs->valuecached = 0; /* prepare capture state */ data/rspamd-2.5/contrib/lua-lpeg/lpcap.c:302:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return close - open; /* number of captures of all kinds removed */ data/rspamd-2.5/contrib/lua-lpeg/lptree.c:393:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sib1(tree), sib, sibsize * sizeof(TTree)); data/rspamd-2.5/contrib/lua-lpeg/lptree.c:497:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sib1(tree), tree1, s1 * sizeof(TTree)); data/rspamd-2.5/contrib/lua-lpeg/lptree.c:514:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sib1(tree), tree1, s1 * sizeof(TTree)); data/rspamd-2.5/contrib/lua-lpeg/lptree.c:515:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sib2(tree), tree2, s2 * sizeof(TTree)); data/rspamd-2.5/contrib/lua-lpeg/lptree.c:585:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sib1(tree), tree1, size1 * sizeof(TTree)); data/rspamd-2.5/contrib/lua-lpeg/lptree.c:600:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sib1(tree), tree1, size1 * sizeof(TTree)); data/rspamd-2.5/contrib/lua-lpeg/lptree.c:643:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sib1(sib1(tree)), t2, s2 * sizeof(TTree)); /* ...t2 */ data/rspamd-2.5/contrib/lua-lpeg/lptree.c:644:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sib2(tree), t1, s1 * sizeof(TTree)); /* ... and t1 */ data/rspamd-2.5/contrib/lua-lpeg/lptree.c:943:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sib1(nd), rn, rulesize * sizeof(TTree)); /* copy rule */ data/rspamd-2.5/contrib/lua-lpeg/lpvm.c:77:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cp, &sz, sizeof (sz)); data/rspamd-2.5/contrib/lua-lpeg/lpvm.c:161:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newc, cap, captop * sizeof(Capture)); data/rspamd-2.5/contrib/lua-lpeg/lpvm.c:183:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newstack, stack, n * sizeof(Stack)); data/rspamd-2.5/contrib/replxx/src/io.cxx:303:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/rspamd-2.5/contrib/replxx/src/io.cxx:449:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char keys[10]; data/rspamd-2.5/contrib/replxx/src/io.cxx:458:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char friendlyTextBuf[10]; data/rspamd-2.5/contrib/replxx/src/io.cxx:642:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seq[64]; data/rspamd-2.5/contrib/replxx/src/replxx.cxx:487:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char quit[4]; data/rspamd-2.5/contrib/snowball/compiler/driver.c:89:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * output = fopen(s, "w"); data/rspamd-2.5/contrib/snowball/compiler/driver.c:381:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_name, leaf, len); data/rspamd-2.5/contrib/snowball/compiler/driver.c:411:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_name, leaf, len); data/rspamd-2.5/contrib/snowball/compiler/generator.c:1239:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/rspamd-2.5/contrib/snowball/compiler/generator.c:1244:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "z->p[z->c + %d]", shortest_size - 1); data/rspamd-2.5/contrib/snowball/compiler/header.h:136:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char token_disabled[NUM_TOKEN_CODES]; data/rspamd-2.5/contrib/snowball/compiler/header.h:316:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * S[10]; /* strings */ data/rspamd-2.5/contrib/snowball/compiler/space.c:217:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[30]; data/rspamd-2.5/contrib/snowball/compiler/space.c:218:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%d", i); data/rspamd-2.5/contrib/snowball/compiler/tokeniser.c:26:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * input = fopen(filename, "r"); data/rspamd-2.5/contrib/t1ha/t1ha2.c:282:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->buffer.bytes + ctx->partial, data, chunk); data/rspamd-2.5/contrib/t1ha/t1ha2.c:309:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->buffer.bytes, data, ctx->partial = length); data/rspamd-2.5/contrib/uthash/utstring.h:106:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (l) memcpy(&(s)->d[(s)->i], b, l); \ data/rspamd-2.5/contrib/uthash/utstring.h:114:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if ((src)->i) memcpy(&(dst)->d[(dst)->i], (src)->d, (src)->i); \ data/rspamd-2.5/contrib/uthash/utstring.h:160:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(dst)->d[(dst)->i], (src), (len)); \ data/rspamd-2.5/contrib/xxhash/xxhash.c:93:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. return memcpy(dest,src,size); data/rspamd-2.5/contrib/zstd/cover.c:644:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dict + tail, ctx->samples + segment.begin, segmentSize); data/rspamd-2.5/contrib/zstd/cover.c:810:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(best->dict, dict, dictSize); data/rspamd-2.5/contrib/zstd/cover.c:857:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(freqs, ctx->freqs, ctx->suffixSize * sizeof(U32)); data/rspamd-2.5/contrib/zstd/cover.c:1040:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dictBuffer, best.dict, dictSize); data/rspamd-2.5/contrib/zstd/fse_decompress.c:121:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dt, &DTableH, sizeof(DTableH)); data/rspamd-2.5/contrib/zstd/huf_compress.c:630:28: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (oldHufTable) { memcpy(oldHufTable, CTable, CTableSize); } /* Save the new table */ data/rspamd-2.5/contrib/zstd/huf_decompress.c:113:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(DTable, &dtd, sizeof(dtd)); data/rspamd-2.5/contrib/zstd/huf_decompress.c:580:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(DTable, &dtd, sizeof(dtd)); data/rspamd-2.5/contrib/zstd/huf_decompress.c:594:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op, dt+val, 2); data/rspamd-2.5/contrib/zstd/huf_decompress.c:602:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op, dt+val, 1); data/rspamd-2.5/contrib/zstd/huf_decompress.c:927:32: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; } /* not compressed */ data/rspamd-2.5/contrib/zstd/huf_decompress.c:940:32: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; } /* not compressed */ data/rspamd-2.5/contrib/zstd/huf_decompress.c:979:32: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; } /* not compressed */ data/rspamd-2.5/contrib/zstd/mem.h:168:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(memPtr, &value, sizeof(value)); data/rspamd-2.5/contrib/zstd/mem.h:173:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(memPtr, &value, sizeof(value)); data/rspamd-2.5/contrib/zstd/mem.h:178:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(memPtr, &value, sizeof(value)); data/rspamd-2.5/contrib/zstd/zdict.c:883:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dictBuffer, header, hSize); data/rspamd-2.5/contrib/zstd/zdict.c:1014:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, (const char*)samplesBuffer+dictList[u].pos, l); data/rspamd-2.5/contrib/zstd/zdict.c:1042:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newBuff, samplesBuffer, sBuffSize); data/rspamd-2.5/contrib/zstd/zstd_compress.c:998:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dstCCtx->customMem, &srcCCtx->customMem, sizeof(ZSTD_customMem)); data/rspamd-2.5/contrib/zstd/zstd_compress.c:1014:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstCCtx->hashTable, srcCCtx->hashTable, tableSpace); /* presumes all tables follow each other */ data/rspamd-2.5/contrib/zstd/zstd_compress.c:1029:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstCCtx->entropy, srcCCtx->entropy, sizeof(ZSTD_entropyCTables_t)); data/rspamd-2.5/contrib/zstd/zstd_compress.c:1103:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((BYTE*)dst + ZSTD_blockHeaderSize, src, srcSize); data/rspamd-2.5/contrib/zstd/zstd_compress.c:1131:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ostart + flSize, src, srcSize); data/rspamd-2.5/contrib/zstd/zstd_compress.c:1540:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(seqStorePtr->lit, anchor, lastLLSize); data/rspamd-2.5/contrib/zstd/zstd_compress.c:1632:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op + ZSTD_blockHeaderSize, ip, blockSize); data/rspamd-2.5/contrib/zstd/zstd_compress.c:2190:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(internalBuffer, dictBuffer, dictSize); data/rspamd-2.5/contrib/zstd/zstd_compress.c:2293:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cdict+1, dict, dictSize); data/rspamd-2.5/contrib/zstd/zstd_compress.c:2537:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (length) memcpy(dst, src, length); data/rspamd-2.5/contrib/zstd/zstd_decompress.c:69:54: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static void ZSTD_copy4(void* dst, const void* src) { memcpy(dst, src, 4); } data/rspamd-2.5/contrib/zstd/zstd_decompress.c:165:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dctx->entropy.rep, repStartValue, sizeof(repStartValue)); /* initial repcodes */ data/rspamd-2.5/contrib/zstd/zstd_decompress.c:240:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstDCtx, srcDCtx, toCopy); /* no need to copy workspace */ data/rspamd-2.5/contrib/zstd/zstd_decompress.c:486:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, srcSize); data/rspamd-2.5/contrib/zstd/zstd_decompress.c:587:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dctx->litBuffer, istart+lhSize, litSize); data/rspamd-2.5/contrib/zstd/zstd_decompress.c:1097:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op, litPtr, lastLLSize); data/rspamd-2.5/contrib/zstd/zstd_decompress.c:1355:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op, litPtr, lastLLSize); data/rspamd-2.5/contrib/zstd/zstd_decompress.c:1724:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dctx->headerBuffer, src, ZSTD_frameHeaderSize_prefix); data/rspamd-2.5/contrib/zstd/zstd_decompress.c:1731:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dctx->headerBuffer, src, ZSTD_frameHeaderSize_prefix); data/rspamd-2.5/contrib/zstd/zstd_decompress.c:1741:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dctx->headerBuffer + ZSTD_frameHeaderSize_prefix, src, dctx->expected); data/rspamd-2.5/contrib/zstd/zstd_decompress.c:1831:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dctx->headerBuffer + ZSTD_frameHeaderSize_prefix, src, dctx->expected); data/rspamd-2.5/contrib/zstd/zstd_decompress.c:2020:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(internalBuffer, dict, dictSize); data/rspamd-2.5/contrib/zstd/zstd_decompress.c:2081:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ddict+1, dict, dictSize); /* local copy */ data/rspamd-2.5/contrib/zstd/zstd_decompress.c:2293:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, length); data/rspamd-2.5/contrib/zstd/zstd_decompress.c:2348:29: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(zds->headerBuffer + zds->lhSize, ip, iend-ip); data/rspamd-2.5/contrib/zstd/zstd_decompress.c:2355:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(zds->headerBuffer + zds->lhSize, ip, toLoad); zds->lhSize = hSize; ip += toLoad; data/rspamd-2.5/contrib/zstd/zstd_internal.h:163:54: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static void ZSTD_copy8(void* dst, const void* src) { memcpy(dst, src, 8); } data/rspamd-2.5/contrib/zstd/zstdmt_compress.c:955:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char*)output->dst + output->pos, (const char*)job.dstBuff.start + job.dstFlushed, toWrite); data/rspamd-2.5/contrib/zstd/zstdmt_compress.c:1022:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char*)mtctx->inBuff.buffer.start + mtctx->inBuff.filled, (const char*)input->src + input->pos, toLoad); data/rspamd-2.5/src/client/rspamc.c:1848:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). in = fopen (fpath, "r"); data/rspamd-2.5/src/client/rspamc.c:2028:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). in = fopen (argv[i], "r"); data/rspamd-2.5/src/controller.c:375:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m, password->begin, password->len); data/rspamd-2.5/src/controller.c:407:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip_buf[INET6_ADDRSTRLEN + 1]; data/rspamd-2.5/src/controller.c:1039:41: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (stat (bk->uri, &st) == -1 || (fd = open (bk->uri, O_RDONLY)) == -1) { data/rspamd-2.5/src/controller.c:1082:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *colors[METRIC_ACTION_MAX] = { data/rspamd-2.5/src/controller.c:1311:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&acc[k * rrd_result->ds_count], data/rspamd-2.5/src/controller.c:1368:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (copied_rows, ctx->srv->history->rows, data/rspamd-2.5/src/fuzzy_storage.c:690:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&session->reply.rep, result, sizeof (*result)); data/rspamd-2.5/src/fuzzy_storage.c:1088:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ptr, cmd, up_len); data/rspamd-2.5/src/fuzzy_storage.c:1098:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ptr, cmd, up_len); data/rspamd-2.5/src/fuzzy_storage.c:1703:15: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). if ((outfd = mkstemp (tmppath)) == -1) { data/rspamd-2.5/src/fuzzy_storage.c:1722:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outfd = open (tmppath, O_RDONLY); data/rspamd-2.5/src/fuzzy_storage.c:1740:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (CMSG_DATA (cmsg), &outfd, sizeof (int)); data/rspamd-2.5/src/fuzzy_storage.c:2246:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (srv_cmd.cmd.spair.pair_id, "fuzzy", sizeof ("fuzzy")); data/rspamd-2.5/src/libcryptobox/base64/ref.c:74:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(o, &res, sizeof(res)); \ data/rspamd-2.5/src/libcryptobox/base64/ref.c:105:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(o, &res, sizeof(res)); \ data/rspamd-2.5/src/libcryptobox/catena/catena.c:182:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (vm1, tmp, H_LEN); data/rspamd-2.5/src/libcryptobox/catena/catena.c:183:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (vm2, tmp+(l/2*H_LEN), H_LEN); data/rspamd-2.5/src/libcryptobox/catena/catena.c:349:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(h, r + idx(0,c-1,co,c,m) * H_LEN, H_LEN); data/rspamd-2.5/src/libcryptobox/catena/catena.c:396:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (hash, x, H_LEN); data/rspamd-2.5/src/libcryptobox/catena/catena.c:403:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (hash, x, hashlen); data/rspamd-2.5/src/libcryptobox/chacha20/chacha.c:43:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void (*hchacha) (const unsigned char key[32], const unsigned char iv[16], data/rspamd-2.5/src/libcryptobox/chacha20/chacha.c:43:63: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void (*hchacha) (const unsigned char key[32], const unsigned char iv[16], data/rspamd-2.5/src/libcryptobox/chacha20/chacha.c:44:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[32], size_t rounds); data/rspamd-2.5/src/libcryptobox/chacha20/chacha.c:51:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void hchacha_##ext(const unsigned char key[32], const unsigned char iv[16], unsigned char out[32], size_t rounds); data/rspamd-2.5/src/libcryptobox/chacha20/chacha.c:51:66: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void hchacha_##ext(const unsigned char key[32], const unsigned char iv[16], unsigned char out[32], size_t rounds); data/rspamd-2.5/src/libcryptobox/chacha20/chacha.c:51:88: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void hchacha_##ext(const unsigned char key[32], const unsigned char iv[16], unsigned char out[32], size_t rounds); data/rspamd-2.5/src/libcryptobox/chacha20/chacha.c:113:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (state->s + 0, key, 32); data/rspamd-2.5/src/libcryptobox/chacha20/chacha.c:115:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (state->s + 40, iv, 8); data/rspamd-2.5/src/libcryptobox/chacha20/chacha.c:125:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[16 * CHACHA_BLOCKBYTES]; data/rspamd-2.5/src/libcryptobox/chacha20/chacha.c:146:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer, in, bytes); data/rspamd-2.5/src/libcryptobox/chacha20/chacha.c:151:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (out, buffer, bytes); data/rspamd-2.5/src/libcryptobox/chacha20/chacha.c:160:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void hchacha (const unsigned char key[32], data/rspamd-2.5/src/libcryptobox/chacha20/chacha.c:161:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char iv[16], unsigned char out[32], size_t rounds) data/rspamd-2.5/src/libcryptobox/chacha20/chacha.c:161:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char iv[16], unsigned char out[32], size_t rounds) data/rspamd-2.5/src/libcryptobox/chacha20/chacha.c:181:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (state->buffer + state->leftover, in, bytes); data/rspamd-2.5/src/libcryptobox/chacha20/chacha.c:205:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (state->buffer + state->leftover, in, inlen); data/rspamd-2.5/src/libcryptobox/chacha20/chacha.c:227:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (out, state->buffer, leftover); data/rspamd-2.5/src/libcryptobox/chacha20/chacha.h:37:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s[48]; data/rspamd-2.5/src/libcryptobox/chacha20/chacha.h:40:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[CHACHA_BLOCKBYTES]; data/rspamd-2.5/src/libcryptobox/chacha20/chacha.h:44:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char opaque[128]; data/rspamd-2.5/src/libcryptobox/chacha20/chacha.h:48:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char b[32]; data/rspamd-2.5/src/libcryptobox/chacha20/chacha.h:52:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char b[8]; data/rspamd-2.5/src/libcryptobox/chacha20/chacha.h:56:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char b[24]; data/rspamd-2.5/src/libcryptobox/chacha20/chacha.h:59:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void hchacha (const unsigned char key[32], const unsigned char iv[16], data/rspamd-2.5/src/libcryptobox/chacha20/chacha.h:59:59: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void hchacha (const unsigned char key[32], const unsigned char iv[16], data/rspamd-2.5/src/libcryptobox/chacha20/chacha.h:60:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[32], size_t rounds); data/rspamd-2.5/src/libcryptobox/chacha20/ref.c:190:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. hchacha_ref(const unsigned char key[32], const unsigned char iv[16], unsigned char out[32], size_t rounds) { data/rspamd-2.5/src/libcryptobox/chacha20/ref.c:190:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. hchacha_ref(const unsigned char key[32], const unsigned char iv[16], unsigned char out[32], size_t rounds) { data/rspamd-2.5/src/libcryptobox/chacha20/ref.c:190:79: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. hchacha_ref(const unsigned char key[32], const unsigned char iv[16], unsigned char out[32], size_t rounds) { data/rspamd-2.5/src/libcryptobox/cryptobox.c:416:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (e, sk, 32); data/rspamd-2.5/src/libcryptobox/cryptobox.c:478:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char h[64]; data/rspamd-2.5/src/libcryptobox/cryptobox.c:537:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char h[64]; data/rspamd-2.5/src/libcryptobox/cryptobox.c:1031:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (st->data + offset, buf, cpy_len); data/rspamd-2.5/src/libcryptobox/cryptobox.c:1069:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (out, cur->data, cur->len); data/rspamd-2.5/src/libcryptobox/cryptobox.c:1088:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (out, cur->data, remain); data/rspamd-2.5/src/libcryptobox/cryptobox.c:1116:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (in, outbuf, sizeof (outbuf)); data/rspamd-2.5/src/libcryptobox/cryptobox.c:1122:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (outbuf, in, inremain); data/rspamd-2.5/src/libcryptobox/cryptobox.c:1259:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (asalt, salt, salt_len); data/rspamd-2.5/src/libcryptobox/cryptobox.c:1312:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (key, obuf, r); data/rspamd-2.5/src/libcryptobox/cryptobox.c:1497:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char b[sizeof (guint64)]; data/rspamd-2.5/src/libcryptobox/cryptobox.c:1579:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (iuf->buf.b + sizeof (iuf->buf.ll) - iuf->rem, data/rspamd-2.5/src/libcryptobox/cryptobox.c:1587:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (iuf->buf.b + sizeof (iuf->buf.ll) - iuf->rem, p, drem); data/rspamd-2.5/src/libcryptobox/cryptobox.c:1594:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (iuf->buf.b, p, sizeof (iuf->buf.ll)); data/rspamd-2.5/src/libcryptobox/cryptobox.c:1604:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (iuf->buf.b, p, drem); data/rspamd-2.5/src/libcryptobox/keypair.c:359:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pk_data, decoded, pklen); data/rspamd-2.5/src/libcryptobox/keypair.c:406:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pk_data, decoded, pklen); data/rspamd-2.5/src/libcryptobox/keypair.c:439:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pk_data, raw, pklen); data/rspamd-2.5/src/libcryptobox/keypair.c:478:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&p->nm->sk_id, kp->id, sizeof (guint64)); data/rspamd-2.5/src/libcryptobox/keypair.c:972:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (*out, data, inlen); data/rspamd-2.5/src/libcryptobox/keypair.c:1017:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (*out, encrypted_magic, sizeof (encrypted_magic)); data/rspamd-2.5/src/libcryptobox/keypair.c:1024:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data, in, inlen); data/rspamd-2.5/src/libcryptobox/keypair.c:1025:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pubkey, rspamd_keypair_component (kp, data/rspamd-2.5/src/libcryptobox/keypair.c:1067:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (*out, encrypted_magic, sizeof (encrypted_magic)); data/rspamd-2.5/src/libcryptobox/keypair.c:1074:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data, in, inlen); data/rspamd-2.5/src/libcryptobox/keypair.c:1075:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pubkey, rspamd_pubkey_get_pk (pk, NULL), data/rspamd-2.5/src/libcryptobox/keypairs_cache.c:86:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (search.pair, rk->id, rspamd_cryptobox_HASHBYTES); data/rspamd-2.5/src/libcryptobox/keypairs_cache.c:87:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&search.pair[rspamd_cryptobox_HASHBYTES], lk->id, data/rspamd-2.5/src/libcryptobox/keypairs_cache.c:105:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (new->pair, rk->id, rspamd_cryptobox_HASHBYTES); data/rspamd-2.5/src/libcryptobox/keypairs_cache.c:106:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&new->pair[rspamd_cryptobox_HASHBYTES], lk->id, data/rspamd-2.5/src/libcryptobox/keypairs_cache.c:108:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&new->nm->sk_id, lk->id, sizeof (guint64)); data/rspamd-2.5/src/libmime/archives.c:222:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&flags, cd + 8, sizeof (guint16)); data/rspamd-2.5/src/libmime/archives.c:224:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&comp_size, cd + 20, sizeof (guint32)); data/rspamd-2.5/src/libmime/archives.c:226:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&uncomp_size, cd + 24, sizeof (guint32)); data/rspamd-2.5/src/libmime/archives.c:266:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&hid, p, sizeof (guint16)); data/rspamd-2.5/src/libmime/archives.c:268:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&hlen, p + sizeof (guint16), sizeof (guint16)); data/rspamd-2.5/src/libmime/archives.c:778:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (res, start + 1, sizeof (guint64)); data/rspamd-2.5/src/libmime/archives.c:792:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&tgt, start + 1, intlen); data/rspamd-2.5/src/libmime/archives.c:835:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&(n), p, sizeof (guint64)); \ data/rspamd-2.5/src/libmime/content_type.c:207:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pos, cur->value.begin, cur->value.len); data/rspamd-2.5/src/libmime/content_type.c:259:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (lc_boundary, param->value.begin, param->value.len); data/rspamd-2.5/src/libmime/content_type.c:629:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (res, &val, sizeof (val)); data/rspamd-2.5/src/libmime/content_type.c:636:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (tmp, val.type.begin, val.type.len); data/rspamd-2.5/src/libmime/content_type.c:642:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (tmp, val.subtype.begin, val.subtype.len); data/rspamd-2.5/src/libmime/content_type.c:764:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (name_cpy, name_start, name_end - name_start); data/rspamd-2.5/src/libmime/content_type.c:768:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (value_cpy, value_start, value_end - value_start); data/rspamd-2.5/src/libmime/content_type.c:809:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (res, &val, sizeof (val)); data/rspamd-2.5/src/libmime/email_addr.c:64:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ret, &addr, sizeof (addr)); data/rspamd-2.5/src/libmime/email_addr.c:116:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (elt, addr, sizeof (*addr)); data/rspamd-2.5/src/libmime/images.c:123:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&t, p, sizeof (guint32)); data/rspamd-2.5/src/libmime/images.c:126:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&t, p, sizeof (guint32)); data/rspamd-2.5/src/libmime/images.c:155:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&h, p + 4, sizeof (guint16)); data/rspamd-2.5/src/libmime/images.c:192:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&t, p, sizeof (guint16)); data/rspamd-2.5/src/libmime/images.c:194:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&t, p + 2, sizeof (guint16)); data/rspamd-2.5/src/libmime/images.c:216:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&t, p, sizeof (gint32)); data/rspamd-2.5/src/libmime/images.c:218:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&t, p + 4, sizeof (gint32)); data/rspamd-2.5/src/libmime/images.c:407:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (img->dct, found->dct, RSPAMD_DCT_LEN / NBBY); data/rspamd-2.5/src/libmime/images.c:427:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (found->dct, img->dct, RSPAMD_DCT_LEN / NBBY); data/rspamd-2.5/src/libmime/message.c:1314:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (MESSAGE_FIELD (task, digest), n, sizeof (n)); data/rspamd-2.5/src/libmime/message.c:1323:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (MESSAGE_FIELD (task, digest), n, sizeof (n)); data/rspamd-2.5/src/libmime/message.c:1633:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (n, msg->digest, sizeof (msg->digest)); data/rspamd-2.5/src/libmime/mime_encoding.c:466:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (out->data, in->data, out->len); data/rspamd-2.5/src/libmime/mime_encoding.c:481:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (out->data, in->data, out->len); data/rspamd-2.5/src/libmime/mime_encoding.c:668:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (part_content->data, text_part->parsed.begin, text_part->parsed.len); data/rspamd-2.5/src/libmime/mime_expressions.c:1172:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (new, list_ptr, (functions_number - 1) * sizeof (struct _fl)); data/rspamd-2.5/src/libmime/mime_headers.c:560:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (old_charset, new_charset, sizeof (*old_charset)); data/rspamd-2.5/src/libmime/mime_headers.c:938:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (new_dest, *dest, *destlen); data/rspamd-2.5/src/libmime/mime_headers.c:939:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (new_dest + *destlen, begin, len); data/rspamd-2.5/src/libmime/mime_headers.c:947:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (*dest, begin, len); data/rspamd-2.5/src/libmime/mime_parser.c:610:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (parsed->str, part->raw_data.begin, parsed->len); data/rspamd-2.5/src/libmime/mime_parser.c:638:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (parsed->str, part->raw_data.begin, part->raw_data.len); data/rspamd-2.5/src/libmime/mime_parser.c:675:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (parsed->str, part->raw_data.begin, parsed->len); data/rspamd-2.5/src/libmime/mime_parser.c:832:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&npart->specific.mp->boundary, &sel->orig_boundary, data/rspamd-2.5/src/libmime/mime_parser.c:1131:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (lc_copy, p, blen + 2); data/rspamd-2.5/src/libmime/mime_parser.c:1136:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (lc_copy, p, blen); data/rspamd-2.5/src/libmime/mime_parser.c:1495:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&npart->specific.mp->boundary, &sel->orig_boundary, data/rspamd-2.5/src/libmime/scan_result.c:566:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (d, p, off); data/rspamd-2.5/src/libserver/cfg_rcl.c:3746:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (*destination, ndata, nsize); data/rspamd-2.5/src/libserver/cfg_rcl.c:3772:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char cksumbuf[rspamd_cryptobox_HASHBYTES]; data/rspamd-2.5/src/libserver/cfg_rcl.c:3813:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (filename, O_RDONLY)) == -1) { data/rspamd-2.5/src/libserver/cfg_rcl.c:3833:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). (fd = open (keypair_path, O_RDONLY)) != -1) { data/rspamd-2.5/src/libserver/cfg_utils.c:566:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (lf->data, content, sizeof (*content)); data/rspamd-2.5/src/libserver/dkim.c:2480:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cached_bh->digest_normal, raw_digest, sizeof (raw_digest)); data/rspamd-2.5/src/libserver/dkim.c:2502:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cached_bh->digest_crlf, raw_digest, sizeof (raw_digest)); data/rspamd-2.5/src/libserver/dkim.c:2521:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cached_bh->digest_cr, raw_digest, sizeof (raw_digest)); data/rspamd-2.5/src/libserver/dkim.c:2849:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pk[32]; data/rspamd-2.5/src/libserver/dkim.c:2861:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (nkey->key.key_eddsa, key, klen); data/rspamd-2.5/src/libserver/dkim.c:3186:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cached_bh->digest_normal, raw_digest, sizeof (raw_digest)); data/rspamd-2.5/src/libserver/dns.c:656:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen (fname, "r"); data/rspamd-2.5/src/libserver/dynamic_cfg.c:333:7: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). fd = mkstemp (pathbuf); data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend_redis.c:297:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char errstr[128]; data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend_redis.c:357:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (shingles[i].digest, cur->str, MIN (64, cur->len)); data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend_redis.c:418:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (session->found_digest, sel->digest, data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend_redis.c:648:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (session->found_digest, session->cmd->digest, sizeof (rep.digest)); data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend_redis.c:1255:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (hval, io_cmd->cmd.shingle.basic.digest, data/rspamd-2.5/src/libserver/html.c:400:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (t, kh_val (html_entity_by_name, k), data/rspamd-2.5/src/libserver/html.c:455:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (t, kh_val (html_entity_by_number, k), data/rspamd-2.5/src/libserver/html.c:909:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p, begin, end - begin); data/rspamd-2.5/src/libserver/html.c:1045:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s, tag->name.start, tag->name.len); data/rspamd-2.5/src/libserver/html.c:1266:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s, *savep, comp->len); data/rspamd-2.5/src/libserver/html.c:1288:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s, *savep, comp->len); data/rspamd-2.5/src/libserver/html.c:1315:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s, *savep, comp->len); data/rspamd-2.5/src/libserver/html.c:1459:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (d, prefix, plen); data/rspamd-2.5/src/libserver/html.c:1862:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexbuf[7]; data/rspamd-2.5/src/libserver/html.c:2030:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cl, el, sizeof (*cl)); data/rspamd-2.5/src/libserver/html.c:2574:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&bl->background_color, &hc->bgcolor, sizeof (hc->bgcolor)); data/rspamd-2.5/src/libserver/http/http_connection.c:789:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cur_iov, priv->out, niov * sizeof (struct iovec)); data/rspamd-2.5/src/libserver/http/http_context.c:351:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&ctx->config, cfg, sizeof (*cfg)); data/rspamd-2.5/src/libserver/http/http_message.c:194:28: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). storage->shared.shm_fd = mkstemp (storage->shared.name->shm_name); data/rspamd-2.5/src/libserver/http/http_message.c:218:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (msg->body_buf.str, data, len); data/rspamd-2.5/src/libserver/http/http_message.c:416:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (msg->body_buf.str + msg->body_buf.len, data, len); data/rspamd-2.5/src/libserver/http/http_router.c:191:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (realbuf, O_RDONLY); data/rspamd-2.5/src/libserver/http/http_router.c:308:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&handler, &found, sizeof (found)); data/rspamd-2.5/src/libserver/http/http_router.c:343:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&handler, &found, sizeof (found)); data/rspamd-2.5/src/libserver/logger/logger.c:155:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&logger->ops, funcs, sizeof (*funcs)); data/rspamd-2.5/src/libserver/logger/logger.c:230:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&logger->ops, funcs, sizeof (*funcs)); data/rspamd-2.5/src/libserver/logger/logger.c:340:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p, comp, len); data/rspamd-2.5/src/libserver/logger/logger.c:347:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p, begin, end - begin); data/rspamd-2.5/src/libserver/logger/logger.c:757:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cpy, logger->errlog->elts, logger->errlog->max_elts * data/rspamd-2.5/src/libserver/logger/logger_file.c:190:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (priv->io_buf.buf + priv->io_buf.used, data/rspamd-2.5/src/libserver/logger/logger_file.c:310:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (priv->log_file, data/rspamd-2.5/src/libserver/logger/logger_file.c:446:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (priv->saved_message, message, mlen); data/rspamd-2.5/src/libserver/maps/map.c:290:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char next_check_date[128]; data/rspamd-2.5/src/libserver/maps/map.c:1374:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (header.magic, rspamd_http_file_magic, sizeof (rspamd_http_file_magic)); data/rspamd-2.5/src/libserver/maps/map.c:1457:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (header.magic, rspamd_http_file_magic, sizeof (rspamd_http_file_magic)); data/rspamd-2.5/src/libserver/maps/map_helpers.c:460:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (val->value, value, vlen); data/rspamd-2.5/src/libserver/maps/map_helpers.c:489:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (val->value, value, vlen); data/rspamd-2.5/src/libserver/maps/map_helpers.c:533:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (val->value, value, vlen); data/rspamd-2.5/src/libserver/maps/map_helpers.c:582:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (val->value, value, vlen); data/rspamd-2.5/src/libserver/milter.c:267:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&(var), (pos), sizeof (var)); \ data/rspamd-2.5/src/libserver/milter.c:272:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&(var), (pos), sizeof (var)); \ data/rspamd-2.5/src/libserver/milter.c:604:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cpy, pos, zero - pos); data/rspamd-2.5/src/libserver/milter.c:620:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cpy, pos, end - pos); data/rspamd-2.5/src/libserver/milter.c:707:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cpy, pos, end - pos); data/rspamd-2.5/src/libserver/milter.c:724:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cpy, pos, end - pos); data/rspamd-2.5/src/libserver/milter.c:1118:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (priv->pool->tag.uid, pool->tag.uid, sizeof (pool->tag.uid)); data/rspamd-2.5/src/libserver/milter.c:1159:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((reply)->str, &_len, sizeof (_len)); \ data/rspamd-2.5/src/libserver/milter.c:1202:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pos, reason, len + 1); data/rspamd-2.5/src/libserver/milter.c:1211:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pos, name->str, name->len + 1); data/rspamd-2.5/src/libserver/milter.c:1213:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pos, value->str, value->len + 1); data/rspamd-2.5/src/libserver/milter.c:1227:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pos, &idx, sizeof (idx)); data/rspamd-2.5/src/libserver/milter.c:1229:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pos, name->str, name->len + 1); data/rspamd-2.5/src/libserver/milter.c:1231:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pos, value->str, value->len + 1); data/rspamd-2.5/src/libserver/milter.c:1239:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pos, body_str, len); data/rspamd-2.5/src/libserver/milter.c:1249:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pos, value->str, value->len + 1); data/rspamd-2.5/src/libserver/milter.c:1262:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pos, &ver, sizeof (ver)); data/rspamd-2.5/src/libserver/milter.c:1264:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pos, &actions, sizeof (actions)); data/rspamd-2.5/src/libserver/milter.c:1266:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pos, &protocol, sizeof (protocol)); data/rspamd-2.5/src/libserver/protocol.c:1986:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&ls->results[n], extra->data, nextra * sizeof (er)); data/rspamd-2.5/src/libserver/re_cache.c:288:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (re_class->type_data, type_data, datalen); data/rspamd-2.5/src/libserver/re_cache.c:883:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((*svec)[0], sel_data, slen); data/rspamd-2.5/src/libserver/re_cache.c:900:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((*svec)[i], sel_data, slen); data/rspamd-2.5/src/libserver/re_cache.c:1828:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (path, O_RDONLY, 00600); data/rspamd-2.5/src/libserver/re_cache.c:1863:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (path, O_CREAT|O_TRUNC|O_EXCL|O_WRONLY, 00600); data/rspamd-2.5/src/libserver/re_cache.c:2216:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (path, O_RDONLY); data/rspamd-2.5/src/libserver/re_cache.c:2398:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (path, O_RDONLY); data/rspamd-2.5/src/libserver/re_cache.c:2446:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (hs_ids, p, n * sizeof (*hs_ids)); data/rspamd-2.5/src/libserver/re_cache.c:2449:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (hs_flags, p, n * sizeof (*hs_flags)); data/rspamd-2.5/src/libserver/roll_history.c:213:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (filename, O_RDONLY)) == -1) { data/rspamd-2.5/src/libserver/roll_history.c:381:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (filename, O_WRONLY | O_CREAT | O_TRUNC, 00600)) == -1) { data/rspamd-2.5/src/libserver/rspamd_control.c:455:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (CMSG_DATA (cmsg), &attached_fd, sizeof (int)); data/rspamd-2.5/src/libserver/rspamd_control.c:923:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (nid, cmd.cmd.spair.pair_id, data/rspamd-2.5/src/libserver/rspamd_control.c:1016:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (CMSG_DATA (cmsg), &rdata->fd, sizeof (int)); data/rspamd-2.5/src/libserver/rspamd_control.c:1086:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (CMSG_DATA (cmsg), &rd->attached_fd, sizeof (int)); data/rspamd-2.5/src/libserver/rspamd_symcache.c:766:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (name, O_RDONLY); data/rspamd-2.5/src/libserver/rspamd_symcache.c:935:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (path, O_CREAT | O_WRONLY | O_EXCL, 00644); data/rspamd-2.5/src/libserver/rspamd_symcache.c:954:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (hdr.magic, rspamd_symcache_magic, data/rspamd-2.5/src/libserver/rspamd_symcache.c:3559:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (new_array, ls->dyn.n, ls->dyn.len * sizeof (guint32)); data/rspamd-2.5/src/libserver/rspamd_symcache.c:3579:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (new_array, ls->st, G_N_ELEMENTS (ls->st) * sizeof (guint32)); data/rspamd-2.5/src/libserver/spf.c:568:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (t, cur_addr->addr6, sizeof (guint64) * 2); data/rspamd-2.5/src/libserver/spf.c:580:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&t, cur_addr->addr4, sizeof (guint32)); data/rspamd-2.5/src/libserver/spf.c:724:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (naddr, addr, sizeof (*naddr)); data/rspamd-2.5/src/libserver/spf.c:729:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (naddr->addr6, data/rspamd-2.5/src/libserver/spf.c:735:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (naddr->addr4, &reply->content.a.addr, sizeof (addr->addr4)); data/rspamd-2.5/src/libserver/spf.c:1702:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dest, macro_value, macro_len); data/rspamd-2.5/src/libserver/spf.c:1716:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (d, ¯o_value[pos[i * 2]], tlen); data/rspamd-2.5/src/libserver/spf.c:1721:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (d, ¯o_value[pos[i * 2]], tlen); data/rspamd-2.5/src/libserver/spf.c:1732:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (d, ¯o_value[pos[i * 2]], tlen); data/rspamd-2.5/src/libserver/spf.c:1737:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (d, ¯o_value[pos[i * 2]], tlen); data/rspamd-2.5/src/libserver/spf.c:1745:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dest, macro_value, macro_len); data/rspamd-2.5/src/libserver/ssl_util.c:920:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p, cur->iov_base, cur->iov_len); data/rspamd-2.5/src/libserver/ssl_util.c:925:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p, cur->iov_base, remain); data/rspamd-2.5/src/libserver/task.c:369:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (fp, O_RDONLY, 00600); data/rspamd-2.5/src/libserver/task.c:478:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (fp, O_RDONLY); data/rspamd-2.5/src/libserver/url.c:433:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen (fname, "r"); data/rspamd-2.5/src/libserver/url.c:2091:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (uri->string, p, u.field_data[UF_SCHEMA].len); data/rspamd-2.5/src/libserver/url.c:2092:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (uri->string + u.field_data[UF_SCHEMA].len, "://", 3); data/rspamd-2.5/src/libserver/url.c:3677:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char rspamd_url_encoding_classes[256] = { data/rspamd-2.5/src/libserver/worker_util.c:1343:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[128]; data/rspamd-2.5/src/libserver/worker_util.c:1880:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (stat, &stat_copy, sizeof (stat_copy)); data/rspamd-2.5/src/libstat/backends/mmaped_file.c:418:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). lock_fd = open (lock, O_WRONLY|O_CREAT|O_EXCL, 00600); data/rspamd-2.5/src/libstat/backends/mmaped_file.c:422:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). lock_fd = open (lock, O_WRONLY|O_CREAT|O_EXCL, 00600); data/rspamd-2.5/src/libstat/backends/mmaped_file.c:472:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (backup, O_RDONLY); data/rspamd-2.5/src/libstat/backends/mmaped_file.c:514:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (nh->unused, header->unused, sizeof (header->unused)); data/rspamd-2.5/src/libstat/backends/mmaped_file.c:571:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). lock_fd = open (lock, O_WRONLY|O_CREAT|O_EXCL, 00600); data/rspamd-2.5/src/libstat/backends/mmaped_file.c:601:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((new_file->fd = open (filename, O_RDWR)) == -1) { data/rspamd-2.5/src/libstat/backends/mmaped_file.c:717:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). lock_fd = open (lock, O_WRONLY|O_CREAT|O_EXCL, 00600); data/rspamd-2.5/src/libstat/backends/mmaped_file.c:721:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). lock_fd = open (lock, O_WRONLY|O_CREAT|O_EXCL, 00600); data/rspamd-2.5/src/libstat/backends/mmaped_file.c:749:3: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open (filename, O_RDWR | O_TRUNC | O_CREAT, S_IWUSR | S_IRUSR)) == -1) { data/rspamd-2.5/src/libstat/backends/mmaped_file.c:773:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (header.unused, tok_conf, tok_conf_len); data/rspamd-2.5/src/libstat/backends/sqlite3_backend.c:1051:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (copied_conf, tk_conf, sz); data/rspamd-2.5/src/libstat/stat_config.c:135:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&stat_ctx->classifiers_subrs[i], &stat_classifiers[i], data/rspamd-2.5/src/libstat/stat_config.c:146:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&stat_ctx->classifiers_subrs[i], &lua_classifier, data/rspamd-2.5/src/libstat/tokenizers/osb.c:69:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (def.magic, osb_tokenizer_magic, sizeof (osb_tokenizer_magic)); data/rspamd-2.5/src/libstat/tokenizers/osb.c:98:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cf, def, sizeof (*cf)); data/rspamd-2.5/src/libstat/tokenizers/osb.c:165:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (osb_cf, def, sizeof (*osb_cf)); data/rspamd-2.5/src/libstat/tokenizers/osb.c:370:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((guchar *)&new_tok->data, &h1, sizeof (h1)); \ data/rspamd-2.5/src/libstat/tokenizers/osb.c:371:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(((guchar *)&new_tok->data) + sizeof (h1), &h2, sizeof (h2)); \ data/rspamd-2.5/src/libstat/tokenizers/tokenizers.c:812:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (normbuf, tmpbuf, end * sizeof (UChar)); data/rspamd-2.5/src/libstat/tokenizers/tokenizers.c:927:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dest, stemmed, dlen); data/rspamd-2.5/src/libutil/addr.c:247:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&addr->u.in.addr.s4.sin_addr, &p[12], data/rspamd-2.5/src/libutil/addr.c:254:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&addr->u.in.addr.s6, &su.s6, data/rspamd-2.5/src/libutil/addr.c:260:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&addr->u.in.addr.s6, &su.s6, data/rspamd-2.5/src/libutil/addr.c:273:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&addr->u.un->addr, &su.su, MIN (len, data/rspamd-2.5/src/libutil/addr.c:278:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&addr->u.un->addr, &su.sa, sizeof (struct sockaddr)); data/rspamd-2.5/src/libutil/addr.c:641:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&addr->u.in.addr.s4.sin_addr, &p[12], data/rspamd-2.5/src/libutil/addr.c:647:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&addr->u.in.addr.s6.sin6_addr, &sin6->sin6_addr, data/rspamd-2.5/src/libutil/addr.c:653:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&addr->u.in.addr.s6.sin6_addr, &sin6->sin6_addr, data/rspamd-2.5/src/libutil/addr.c:674:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&addr->u.in.addr.s4.sin_addr, &p[12], data/rspamd-2.5/src/libutil/addr.c:681:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&addr->u.in.addr.s6.sin6_addr, &sin6->sin6_addr, data/rspamd-2.5/src/libutil/addr.c:688:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&addr->u.in.addr.s6.sin6_addr, &sin6->sin6_addr, data/rspamd-2.5/src/libutil/addr.c:706:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipbuf[INET6_ADDRSTRLEN + 1]; data/rspamd-2.5/src/libutil/addr.c:780:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&addr->u.in.addr.s4.sin_addr, &su.s4.sin_addr, data/rspamd-2.5/src/libutil/addr.c:791:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&addr->u.in.addr.s4.sin_addr, &su.s4.sin_addr, data/rspamd-2.5/src/libutil/addr.c:838:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipbuf[INET6_ADDRSTRLEN + 1]; data/rspamd-2.5/src/libutil/addr.c:898:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&target->u.in.addr.s4.sin_addr, &su.s4.sin_addr, data/rspamd-2.5/src/libutil/addr.c:910:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&target->u.in.addr.s4.sin_addr, &su.s4.sin_addr, data/rspamd-2.5/src/libutil/addr.c:930:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char addr_str[INET6_ADDRSTRLEN + 1]; data/rspamd-2.5/src/libutil/addr.c:953:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char addr_str[PATH_MAX + 5]; data/rspamd-2.5/src/libutil/addr.c:1155:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&addr->u.un->addr, &su.su, sizeof (struct sockaddr_un)); data/rspamd-2.5/src/libutil/addr.c:1404:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&cur_addr->u.in.addr.s4.sin_addr, &su.s4.sin_addr, data/rspamd-2.5/src/libutil/addr.c:1414:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&cur_addr->u.in.addr.s6.sin6_addr, &su.s6.sin6_addr, data/rspamd-2.5/src/libutil/addr.c:1570:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&addr->u.in.addr.s4.sin_addr, init, sizeof (struct in_addr)); data/rspamd-2.5/src/libutil/addr.c:1573:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&addr->u.in.addr.s6.sin6_addr, init, sizeof (struct in6_addr)); data/rspamd-2.5/src/libutil/addr.c:1604:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&addr->u.in.addr.s4, sa, sizeof (struct sockaddr_in)); data/rspamd-2.5/src/libutil/addr.c:1608:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&addr->u.in.addr.s6, sa, sizeof (struct sockaddr_in6)); data/rspamd-2.5/src/libutil/addr.c:1627:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&addr->u.in.addr.s4.sin_addr, &rep->content.a.addr, data/rspamd-2.5/src/libutil/addr.c:1632:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&addr->u.in.addr.s6.sin6_addr, &rep->content.aaa.addr, data/rspamd-2.5/src/libutil/addr.c:1765:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (n->u.un, addr->u.un, sizeof (*addr->u.un)); data/rspamd-2.5/src/libutil/addr.c:1768:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&n->u.in, &addr->u.in, sizeof (addr->u.in)); data/rspamd-2.5/src/libutil/addr.c:1825:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (layout.buf, &addr->u.in.addr.s4.sin_addr, data/rspamd-2.5/src/libutil/addr.c:1829:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (layout.buf, &addr->u.in.addr.s6.sin6_addr, data/rspamd-2.5/src/libutil/addr.c:1867:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (layout.buf, &addr->u.in.addr.s4.sin_addr, data/rspamd-2.5/src/libutil/addr.c:1872:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (layout.buf, &addr->u.in.addr.s6.sin6_addr, data/rspamd-2.5/src/libutil/expression.c:567:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (n, elt, sizeof (*n)); data/rspamd-2.5/src/libutil/fstring.c:88:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s->str, init, len); data/rspamd-2.5/src/libutil/fstring.c:109:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (str->str, init, len); data/rspamd-2.5/src/libutil/fstring.c:174:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (str->str + str->len, in, len); data/rspamd-2.5/src/libutil/fstring.c:427:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (result, s->str, s->len); data/rspamd-2.5/src/libutil/fstring.c:443:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (result, s->begin, s->len); data/rspamd-2.5/src/libutil/fstring.c:480:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (newstr, src->begin, src->len); data/rspamd-2.5/src/libutil/fstring.c:496:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (newstr, src->str, src->len); data/rspamd-2.5/src/libutil/mem_pool.c:193:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open ("/dev/zero", O_RDWR); data/rspamd-2.5/src/libutil/mem_pool.c:279:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uidbuf[10]; data/rspamd-2.5/src/libutil/mem_pool.c:301:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open ("/dev/zero", O_RDWR); data/rspamd-2.5/src/libutil/mem_pool.c:375:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (mem_chunk + sizeof (rspamd_mempool_t), &debug_tbl, data/rspamd-2.5/src/libutil/mem_pool.c:586:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (newstr, src, len); data/rspamd-2.5/src/libutil/mem_pool.c:603:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (newstr, src->str, src->len); data/rspamd-2.5/src/libutil/mem_pool.c:620:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (newstr, src->begin, src->len); data/rspamd-2.5/src/libutil/multipattern.c:184:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (res, prefix, slen); data/rspamd-2.5/src/libutil/printf.c:238:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char int_lookup_table[200] = { data/rspamd-2.5/src/libutil/printf.c:402:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. return ((gchar *)memcpy (buf, p, len)) + len; data/rspamd-2.5/src/libutil/printf.c:422:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dst->pos, buf, wr); data/rspamd-2.5/src/libutil/radix.c:188:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + 12, key, klen); data/rspamd-2.5/src/libutil/radix.c:299:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (addr_buf.buf + 12, data/rspamd-2.5/src/libutil/radix.c:318:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (addr_buf.buf, &sin6->sin6_addr, data/rspamd-2.5/src/libutil/rrd.c:196:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (filename, O_RDWR); data/rspamd-2.5/src/libutil/rrd.c:362:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (filename, O_RDWR); data/rspamd-2.5/src/libutil/rrd.c:499:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (filename, O_RDWR | O_CREAT | O_EXCL, 0644); data/rspamd-2.5/src/libutil/rrd.c:529:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&ds.dst, "COUNTER", sizeof ("COUNTER")); data/rspamd-2.5/src/libutil/rrd.c:544:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&rra.cf_nam, "AVERAGE", sizeof ("AVERAGE")); data/rspamd-2.5/src/libutil/rrd.c:573:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&pdp.last_ds, "U", sizeof ("U")); data/rspamd-2.5/src/libutil/rrd.c:648:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (file->ds_def, ds->data, ds->len); data/rspamd-2.5/src/libutil/rrd.c:671:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (file->rra_def, rra->data, rra->len); data/rspamd-2.5/src/libutil/rrd.c:1339:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pdp_prep_new, pdp_prep_old, sizeof (*pdp_prep_new)); data/rspamd-2.5/src/libutil/rrd.c:1348:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cdp_prep_new, cdp_prep_old, sizeof (*cdp_prep_new)); data/rspamd-2.5/src/libutil/rrd.c:1374:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (rrd->live_head, old->live_head, sizeof (*rrd->live_head)); data/rspamd-2.5/src/libutil/rrd.c:1375:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (rrd->rra_ptr, old->rra_ptr, data/rspamd-2.5/src/libutil/shingles.c:87:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (key_cpy, key, SHINGLES_KEY_SIZE); data/rspamd-2.5/src/libutil/shingles.c:103:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (out_key, shabuf, 16); data/rspamd-2.5/src/libutil/sqlite_utils.c:44:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (nst, &init_stmt[i], sizeof (*nst)); data/rspamd-2.5/src/libutil/sqlite_utils.c:157:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p, sqlite3_column_blob (stmt, i), len); data/rspamd-2.5/src/libutil/sqlite_utils.c:217:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). while ((fd = open (lock, O_WRONLY|O_CREAT|O_EXCL, 00600)) == -1) { data/rspamd-2.5/src/libutil/sqlite_utils.c:225:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (lock, O_RDONLY); data/rspamd-2.5/src/libutil/sqlite_utils.c:339:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). lock_fd = open (lock_path, O_WRONLY|O_CREAT|O_EXCL, 00600); data/rspamd-2.5/src/libutil/str_util.c:167:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (d, tst, olen); data/rspamd-2.5/src/libutil/str_util.c:2456:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (o, p, processed); data/rspamd-2.5/src/libutil/str_util.c:2798:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dest, src, end * sizeof (*dest)); data/rspamd-2.5/src/libutil/str_util.c:3119:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (d, p, err_offset); data/rspamd-2.5/src/libutil/str_util.c:3153:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (d, p, remain); data/rspamd-2.5/src/libutil/str_util.c:3312:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (elt, p, cur_fragment); data/rspamd-2.5/src/libutil/upstream.c:1631:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (nlimits, ups->limits, sizeof (*nlimits)); data/rspamd-2.5/src/libutil/util.c:722:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (path, O_RDONLY); data/rspamd-2.5/src/libutil/util.c:773:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (pfh->pf_path, O_WRONLY | O_CREAT | O_TRUNC | O_NONBLOCK, mode); data/rspamd-2.5/src/libutil/util.c:971:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s, rcpt, rcptlen); data/rspamd-2.5/src/libutil/util.c:1386:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((input = output = open (_PATH_TTY, O_RDWR)) == -1) { data/rspamd-2.5/src/libutil/util.c:1905:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (fname, flags, mode); data/rspamd-2.5/src/libutil/util.c:1908:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (fname, flags, mode); data/rspamd-2.5/src/libutil/util.c:1911:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (fname, flags, mode); data/rspamd-2.5/src/libutil/util.c:1995:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (fname, O_RDWR, 0); data/rspamd-2.5/src/libutil/util.c:1998:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (fname, O_RDONLY, 0); data/rspamd-2.5/src/lua/lua_cdb.c:61:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (filename, O_RDONLY)) == -1) { data/rspamd-2.5/src/lua/lua_cryptobox.c:644:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (filename, O_RDONLY); data/rspamd-2.5/src/lua/lua_cryptobox.c:732:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (filename, flags, 00644); data/rspamd-2.5/src/lua/lua_cryptobox.c:1317:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (out, &ll, sizeof (ll)); data/rspamd-2.5/src/lua/lua_cryptobox.c:2047:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (nonce + sizeof (guint64) + sizeof (guint32), &ts, sizeof (ts)); data/rspamd-2.5/src/lua/lua_cryptobox.c:2051:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (padded_cookie, cookie, cookie_len); data/rspamd-2.5/src/lua/lua_cryptobox.c:2067:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (result, nonce, sizeof (nonce)); data/rspamd-2.5/src/lua/lua_ip.c:257:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char numbuf[8]; data/rspamd-2.5/src/lua/lua_ip.c:297:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char numbuf[4]; data/rspamd-2.5/src/lua/lua_kann.c:874:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen (fname, "w"); data/rspamd-2.5/src/lua/lua_kann.c:938:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen (fname, "rb"); data/rspamd-2.5/src/lua/lua_logger.c:749:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (d, c, cpylen); data/rspamd-2.5/src/lua/lua_logger.c:833:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (d, c, cpylen); data/rspamd-2.5/src/lua/lua_mempool.c:362:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (vp, &val, sizeof (gdouble)); data/rspamd-2.5/src/lua/lua_mempool.c:367:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (vp, &val, sizeof (gboolean)); data/rspamd-2.5/src/lua/lua_mempool.c:372:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (vp, val.s, slen + 1); data/rspamd-2.5/src/lua/lua_mempool.c:436:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&num, pv, sizeof (gdouble)); data/rspamd-2.5/src/lua/lua_mempool.c:443:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&num, pv, sizeof (gint)); data/rspamd-2.5/src/lua/lua_mempool.c:450:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&num, pv, sizeof (gint64)); data/rspamd-2.5/src/lua/lua_mempool.c:457:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&num, pv, sizeof (gboolean)); data/rspamd-2.5/src/lua/lua_redis.c:759:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (args[0], cmd, arglens[0]); data/rspamd-2.5/src/lua/lua_redis.c:771:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (args[top], s, arglens[top]); data/rspamd-2.5/src/lua/lua_redis.c:782:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (args[top], t->start, arglens[top]); data/rspamd-2.5/src/lua/lua_redis.c:802:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (args[top], numbuf, arglens[top]); data/rspamd-2.5/src/lua/lua_redis.c:818:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (args[0], cmd, arglens[0]); data/rspamd-2.5/src/lua/lua_rsa.c:129:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen (filename, "r"); data/rspamd-2.5/src/lua/lua_rsa.c:206:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen (filename, "r"); data/rspamd-2.5/src/lua/lua_rsa.c:446:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (filename, O_RDONLY); data/rspamd-2.5/src/lua/lua_rsa.c:499:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (filename, flags, 00644); data/rspamd-2.5/src/lua/lua_sqlite3.c:38:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). LUA_FUNCTION_DEF (sqlite3, open); data/rspamd-2.5/src/lua/lua_sqlite3.c:45:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). LUA_INTERFACE_DEF (sqlite3, open), data/rspamd-2.5/src/lua/lua_task.c:1490:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pos, s, l); data/rspamd-2.5/src/lua/lua_task.c:1497:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pos, t->start, t->len); data/rspamd-2.5/src/lua/lua_task.c:1518:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, s, final_len); data/rspamd-2.5/src/lua/lua_task.c:1526:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, t->start, final_len); data/rspamd-2.5/src/lua/lua_task.c:1691:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((gchar *)task->msg.begin, str_message, message_len); data/rspamd-2.5/src/lua/lua_task.c:3373:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((gchar *)addr->user, p, len); data/rspamd-2.5/src/lua/lua_task.c:3385:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((gchar *)addr->domain, p, len); data/rspamd-2.5/src/lua/lua_task.c:3397:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((gchar *)addr->addr, p, len); data/rspamd-2.5/src/lua/lua_task.c:3418:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cpy, p, len); data/rspamd-2.5/src/lua/lua_task.c:5413:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (mres->actions_limits, old_actions, data/rspamd-2.5/src/lua/lua_task.c:5757:10: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). fd = mkstemp (fpath); data/rspamd-2.5/src/lua/lua_tcp.c:816:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cur_iov, wh->iov, niov * sizeof (struct iovec)); data/rspamd-2.5/src/lua/lua_tcp.c:1418:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (vec->iov_base, str, len); data/rspamd-2.5/src/lua/lua_tcp.c:1573:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (stop_pattern, p, plen); data/rspamd-2.5/src/lua/lua_tcp.c:2063:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (stop_pattern, p, plen); data/rspamd-2.5/src/lua/lua_text.c:201:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (storage, start, len); data/rspamd-2.5/src/lua/lua_text.c:325:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((*dest), st, stlen); data/rspamd-2.5/src/lua/lua_text.c:332:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((*dest), elt->start, elt->len); data/rspamd-2.5/src/lua/lua_text.c:341:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((*dest), delim, dlen); data/rspamd-2.5/src/lua/lua_text.c:457:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dest, t->start, t->len); data/rspamd-2.5/src/lua/lua_text.c:985:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dest, t->start, t->len); data/rspamd-2.5/src/lua/lua_text.c:1096:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dest, t->start, t->len); data/rspamd-2.5/src/lua/lua_udp.c:97:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (iov->iov_base, t->start, t->len); data/rspamd-2.5/src/lua/lua_udp.c:108:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (iov->iov_base, s, len); data/rspamd-2.5/src/lua/lua_url.c:311:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (tmp, url->url->string + url->url->usershift, url->url->userlen); data/rspamd-2.5/src/lua/lua_url.c:315:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (tmp + url->url->userlen + 1, rspamd_url_host_unsafe (url->url), data/rspamd-2.5/src/lua/lua_util.c:1255:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((char *)t->start, s, inlen); data/rspamd-2.5/src/lua/lua_util.c:1848:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[128]; data/rspamd-2.5/src/lua/lua_util.c:1961:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (fpath, O_RDONLY); data/rspamd-2.5/src/lua/lua_util.c:3084:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[PATH_MAX]; data/rspamd-2.5/src/lua/lua_util.c:3262:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[5 * sizeof (lua_Number)]; /* enough for any float type */ data/rspamd-2.5/src/lua/lua_util.c:3380:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newptr, B->ptr, B->nelems); data/rspamd-2.5/src/lua/lua_util.c:3394:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(luaL_prepbuffsize (B, l), s, l); data/rspamd-2.5/src/lua/lua_worker.c:685:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((guchar *)&sz, cbdata->io_buf->str, sizeof (sz)); data/rspamd-2.5/src/plugins/fuzzy_check.c:1481:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cmd->digest, cached->digest, data/rspamd-2.5/src/plugins/fuzzy_check.c:1488:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&shcmd->sgl, cached->sh, sizeof (struct rspamd_shingle)); data/rspamd-2.5/src/plugins/fuzzy_check.c:1489:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (shcmd->basic.digest, cached->digest, data/rspamd-2.5/src/plugins/fuzzy_check.c:1650:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&shcmd->sgl, cached->sh, sizeof (struct rspamd_shingle)); data/rspamd-2.5/src/plugins/fuzzy_check.c:1651:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (shcmd->basic.digest, cached->digest, data/rspamd-2.5/src/plugins/fuzzy_check.c:1888:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p, &encrep.rep, sizeof (encrep.rep)); data/rspamd-2.5/src/plugins/fuzzy_check.c:2076:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (hex_result->str, hexbuf, sizeof (hexbuf)); data/rspamd-2.5/src/rspamadm/dkim_keygen.c:142:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pubfile = fopen (pub_fname, "w"); data/rspamd-2.5/src/rspamadm/dkim_keygen.c:217:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). privfile = fopen (priv_fname, "w"); data/rspamd-2.5/src/rspamadm/dkim_keygen.c:251:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pubfile = fopen (pub_fname, "w"); data/rspamd-2.5/src/rspamadm/signtool.c:164:11: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). fd_out = mkstemp (tmppath); data/rspamd-2.5/src/rspamadm/signtool.c:359:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pub_fp = fopen (pubout, "w"); data/rspamd-2.5/src/rspamadm/signtool.c:519:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (pubkey_file, O_RDONLY); data/rspamd-2.5/src/rspamd.c:1100:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&old_stat, &cur_stat, sizeof (cur_stat)); data/rspamd-2.5/test/rspamd_http_test.c:291:18: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). g_assert ((fd = mkstemp (filepath)) != -1); data/rspamd-2.5/test/rspamd_radix_test.c:91:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (t->addr, &ina, sizeof (ina)); data/rspamd-2.5/test/rspamd_radix_test.c:95:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (t->addr, &in6a, sizeof (in6a)); data/rspamd-2.5/test/rspamd_radix_test.c:103:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (t->naddr, &ina, sizeof (ina)); data/rspamd-2.5/test/rspamd_radix_test.c:106:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (t->naddr, &in6a, sizeof (in6a)); data/rspamd-2.5/test/rspamd_radix_test.c:158:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (t->addr, &ina, sizeof (ina)); data/rspamd-2.5/test/rspamd_radix_test.c:162:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (t->addr, &in6a, sizeof (in6a)); data/rspamd-2.5/test/rspamd_radix_test.c:170:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (t->naddr, &ina, sizeof (ina)); data/rspamd-2.5/test/rspamd_radix_test.c:173:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (t->naddr, &in6a, sizeof (in6a)); data/rspamd-2.5/test/rspamd_radix_test.c:239:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (addrs[i].addr64 + 12, &addrs[i].addr, 4); data/rspamd-2.5/test/rspamd_radix_test.c:267:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipbuf[INET6_ADDRSTRLEN + 1]; data/rspamd-2.5/test/rspamd_radix_test.c:313:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipbuf[INET6_ADDRSTRLEN + 1]; data/rspamd-2.5/test/rspamd_radix_test.c:360:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipbuf[INET6_ADDRSTRLEN + 1]; data/rspamd-2.5/test/rspamd_rrd_test.c:28:9: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). gchar tmpfile[PATH_MAX]; data/rspamd-2.5/test/rspamd_rrd_test.c:38:19: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). rspamd_snprintf (tmpfile, sizeof (tmpfile), "/tmp/rspamd_rrd.rrd"); data/rspamd-2.5/test/rspamd_rrd_test.c:38:36: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). rspamd_snprintf (tmpfile, sizeof (tmpfile), "/tmp/rspamd_rrd.rrd"); data/rspamd-2.5/test/rspamd_rrd_test.c:39:10: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). unlink (tmpfile); data/rspamd-2.5/test/rspamd_rrd_test.c:43:38: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). g_assert ((rrd = rspamd_rrd_create (tmpfile, 2, 4, 1, ticks, &err)) != NULL); data/rspamd-2.5/test/rspamd_rrd_test.c:64:36: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). g_assert ((rrd = rspamd_rrd_open (tmpfile, &err)) != NULL); data/rspamd-2.5/test/rspamd_shingles_test.c:199:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b + 1, "test", 4); data/rspamd-2.5/test/rspamd_upstream_test.c:25:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_key[32]; data/rspamd-2.5/utils/base64.c:35:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (fname, O_RDONLY); data/rspamd-2.5/utils/mime_tool.c:136:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (fname, O_RDONLY); data/rspamd-2.5/utils/rspamd_http_bench.c:399:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). lat_file = fopen (latencies_file, "w"); data/rspamd-2.5/contrib/cdb/cdb_make.c:249:52: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (lseek (fd, pos + rlen, SEEK_SET) < 0 || (r = read (fd, data/rspamd-2.5/contrib/cdb/cdb_make.c:292:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (cdbmp->cdb_fd, cdbmp->cdb_buf, 8) != 8) data/rspamd-2.5/contrib/cdb/cdb_make.c:305:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). len = read (cdbmp->cdb_fd, cdbmp->cdb_buf, len); data/rspamd-2.5/contrib/cdb/cdb_make.c:446:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). do l = read(fd, buf, len); data/rspamd-2.5/contrib/exim/dlfunc-json/rspamd.c:74:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t read, wrote; data/rspamd-2.5/contrib/exim/dlfunc-json/rspamd.c:301:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wrote = send (rspamd_sock, spamd_buffer2, strlen (spamd_buffer2), 0); data/rspamd-2.5/contrib/exim/dlfunc-json/rspamd.c:318:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read < sizeof (spamd_buffer)) { data/rspamd-2.5/contrib/exim/dlfunc-json/rspamd.c:319:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). spamd_buffer[read] = 0; data/rspamd-2.5/contrib/exim/dlfunc-json/rspamd.c:322:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read > 0) { data/rspamd-2.5/contrib/exim/dlfunc-json/rspamd.c:353:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (offset + wrote != read) { data/rspamd-2.5/contrib/exim/local_scan.c:89:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iLen = (int)strlen(pszDir); data/rspamd-2.5/contrib/exim/local_scan.c:110:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((iLen = read (fd, psMsg, sizeof (psMsg))) > 0) data/rspamd-2.5/contrib/exim/local_scan.c:146:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (send (sock, sCommand, strlen (sCommand), 0) != (int) strlen (sCommand)) data/rspamd-2.5/contrib/exim/local_scan.c:146:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (send (sock, sCommand, strlen (sCommand), 0) != (int) strlen (sCommand)) data/rspamd-2.5/contrib/exim/local_scan.c:156:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Len = read (sock, answ, sizeof (answ)); data/rspamd-2.5/contrib/exim/local_scan.c:231:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (sender_address) == 0 ? "MAILER-DAEMON" : (char*) sender_address, sFile, 1, 0) != _OK) data/rspamd-2.5/contrib/exim/local_scan.c:260:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytesRead = read (fd, psBuf, MAX_SIZE_FILE); data/rspamd-2.5/contrib/exim/local_scan.c:305:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write (iFdInp, h_line->text, strlen (h_line->text)) != strlen (h_line->text)) data/rspamd-2.5/contrib/exim/local_scan.c:305:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write (iFdInp, h_line->text, strlen (h_line->text)) != strlen (h_line->text)) data/rspamd-2.5/contrib/exim/local_scan.c:355:17: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep (1000); data/rspamd-2.5/contrib/exim/local_scan.c:396:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp (h_line->text, hdr, strlen(hdr)) == 0) data/rspamd-2.5/contrib/exim/local_scan.c:425:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp (h_line->text, "Subject", strlen("Subject")) == 0) data/rspamd-2.5/contrib/exim/local_scan.c:473:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). next += len = read(fd, buf + next, size - next); data/rspamd-2.5/contrib/exim/local_scan.c:568:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(tok)>0) { data/rspamd-2.5/contrib/exim/local_scan.c:605:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (symbols != NULL && strlen(symbols)) data/rspamd-2.5/contrib/exim/local_scan.c:623:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (urls != NULL && strlen(urls)) data/rspamd-2.5/contrib/hiredis/hiredis.c:262:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(arg); data/rspamd-2.5/contrib/hiredis/hiredis.c:492:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = argvlen ? argvlen[j] : strlen(argv[j]); data/rspamd-2.5/contrib/hiredis/hiredis.c:509:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = argvlen ? argvlen[j] : strlen(argv[j]); data/rspamd-2.5/contrib/hiredis/hiredis.c:543:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = argvlen ? argvlen[j] : strlen(argv[j]); data/rspamd-2.5/contrib/hiredis/hiredis.c:554:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = argvlen ? argvlen[j] : strlen(argv[j]); data/rspamd-2.5/contrib/hiredis/hiredis.c:577:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/rspamd-2.5/contrib/hiredis/hiredis.c:645:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memset(c->errstr, '\0', strlen(c->errstr)); data/rspamd-2.5/contrib/hiredis/hiredis.c:806:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nread = read(c->fd,buf,sizeof(buf)); data/rspamd-2.5/contrib/hiredis/hiredis.h:103:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat((buf), err_str, ((len) - 1)); \ data/rspamd-2.5/contrib/hiredis/net.c:448:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(sa.sun_path,path,sizeof(sa.sun_path)-1); data/rspamd-2.5/contrib/hiredis/read.c:66:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/rspamd-2.5/contrib/hiredis/sds.c:76:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t initlen = (init == NULL) ? 0 : strlen(init); data/rspamd-2.5/contrib/hiredis/sds.c:107:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int reallen = strlen(s); data/rspamd-2.5/contrib/hiredis/sds.c:256:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return sdscatlen(s, t, strlen(t)); data/rspamd-2.5/contrib/hiredis/sds.c:289:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return sdscpylen(s, t, strlen(t)); data/rspamd-2.5/contrib/hiredis/sds.c:455:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = (next == 's') ? strlen(str) : sdslen(str); data/rspamd-2.5/contrib/libev/ev.c:1994:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write (STDERR_FILENO, msg, strlen (msg)); data/rspamd-2.5/contrib/libev/ev.c:2844:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (evpipe [1], &counter, sizeof (uint64_t)); data/rspamd-2.5/contrib/libev/ev.c:2858:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (evpipe [0], &dummy, sizeof (dummy)); data/rspamd-2.5/contrib/libev/ev.c:2960:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t res = read (sigfd, si, sizeof (si)); data/rspamd-2.5/contrib/libev/ev.c:4813:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((errno == ENOENT || errno == EACCES) && strlen (w->path) < 4096) data/rspamd-2.5/contrib/libev/ev.c:4899:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int len = read (fs_fd, buf, sizeof (buf)); data/rspamd-2.5/contrib/libottery/ottery_entropy_egd.c:50:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(sock, msg, 1) != 1) { data/rspamd-2.5/contrib/libottery/ottery_entropy_urandom.c:28:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read(fd, outp, n); data/rspamd-2.5/contrib/librdns/curve.c:181:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HASH_ADD_KEYPTR (hh, ctx->entries, entry->name, strlen (entry->name), entry); data/rspamd-2.5/contrib/librdns/curve.c:217:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int len = strlen (hex), i; data/rspamd-2.5/contrib/librdns/curve.c:379:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = read (ioc->sock, buf, len); data/rspamd-2.5/contrib/librdns/curve.c:582:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HASH_ADD_KEYPTR (hh, ctx->entries, entry->name, strlen (entry->name), entry); data/rspamd-2.5/contrib/librdns/curve.c:618:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int len = strlen (hex), i; data/rspamd-2.5/contrib/librdns/packet.c:104:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). inlen = strlen (in); data/rspamd-2.5/contrib/librdns/resolver.c:671:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). clen = strlen (cur_name); data/rspamd-2.5/contrib/librdns/resolver.c:1093:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned len = strlen (name); data/rspamd-2.5/contrib/librdns/util.c:556:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = line + strlen (line); data/rspamd-2.5/contrib/librdns/util.c:642:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = buf + strlen (buf) - 1; data/rspamd-2.5/contrib/libucl/ucl_emitter.c:465:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ucl_elt_string_write_json (ud_out, strlen (ud_out), ctx); data/rspamd-2.5/contrib/libucl/ucl_emitter.c:1021:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return write (fd, intbuf, strlen (intbuf)); data/rspamd-2.5/contrib/libucl/ucl_emitter.c:1042:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return write (fd, nbuf, strlen (nbuf)); data/rspamd-2.5/contrib/libucl/ucl_parser.c:2758:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HASH_ADD_KEYPTR (hh, parser->macroes, new->name, strlen (new->name), new); data/rspamd-2.5/contrib/libucl/ucl_parser.c:2786:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HASH_ADD_KEYPTR (hh, parser->macroes, new->name, strlen (new->name), new); data/rspamd-2.5/contrib/libucl/ucl_parser.c:2830:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new->var_len = strlen (var); data/rspamd-2.5/contrib/libucl/ucl_parser.c:2832:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new->value_len = strlen (value); data/rspamd-2.5/contrib/libucl/ucl_parser.c:2839:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new->value_len = strlen (value); data/rspamd-2.5/contrib/libucl/ucl_parser.c:3042:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (data); data/rspamd-2.5/contrib/libucl/ucl_schema.c:773:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (ucl_strnstr (p, "://", strlen (p)) != NULL) { data/rspamd-2.5/contrib/libucl/ucl_util.c:148:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, path, sizeof(tmp)-1); data/rspamd-2.5/contrib/libucl/ucl_util.c:584:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). deconst->len = strlen (obj->trash_stack[UCL_TRASH_VALUE]); data/rspamd-2.5/contrib/libucl/ucl_util.c:1190:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). params->prefix, strlen (params->prefix))); data/rspamd-2.5/contrib/libucl/ucl_util.c:1197:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). old_obj->keylen = strlen (params->prefix); data/rspamd-2.5/contrib/libucl/ucl_util.c:1285:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nest_obj->keylen = strlen (params->prefix); data/rspamd-2.5/contrib/libucl/ucl_util.c:1444:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (globbuf.gl_pathv[i]), data/rspamd-2.5/contrib/libucl/ucl_util.c:1449:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (globbuf.gl_pathv[i]), parser, params)) { data/rspamd-2.5/contrib/libucl/ucl_util.c:1603:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((search = ucl_include_file (ipath, strlen (ipath), data/rspamd-2.5/contrib/libucl/ucl_util.c:1818:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (prefix == NULL || strlen (prefix) == 0) { data/rspamd-2.5/contrib/libucl/ucl_util.c:1885:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). obj->keylen = strlen (prefix); data/rspamd-2.5/contrib/libucl/ucl_util.c:2169:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mlen = strlen (find); data/rspamd-2.5/contrib/libucl/ucl_util.c:2192:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mlen = strlen (find); data/rspamd-2.5/contrib/libucl/ucl_util.c:2219:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (str); data/rspamd-2.5/contrib/libucl/ucl_util.c:2387:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). keylen = strlen (key); data/rspamd-2.5/contrib/libucl/ucl_util.c:2487:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return ucl_object_delete_keyl (top, key, strlen (key)); data/rspamd-2.5/contrib/libucl/ucl_util.c:2512:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return ucl_object_pop_keyl (top, key, strlen (key)); data/rspamd-2.5/contrib/libucl/ucl_util.c:2662:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return ucl_object_lookup_len (obj, key, strlen (key)); data/rspamd-2.5/contrib/libucl/ucl_util.c:2677:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = ucl_object_lookup_len (obj, key, strlen (key)); data/rspamd-2.5/contrib/libucl/ucl_util.c:2689:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = ucl_object_lookup_len (obj, nk, strlen (nk)); data/rspamd-2.5/contrib/replxx/src/conversion.cxx:51:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). auto slen = strlen(src); data/rspamd-2.5/contrib/replxx/src/history.cxx:46:21: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). mode_t old_umask = umask( S_IXUSR | S_IRWXG| S_IRWXO ); data/rspamd-2.5/contrib/replxx/src/history.cxx:53:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask( old_umask ); data/rspamd-2.5/contrib/replxx/src/io.cxx:251:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nread = read( STDIN_FILENO, &c, 1 ); data/rspamd-2.5/contrib/replxx/src/io.cxx:450:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int ret = read(0, keys, 10); data/rspamd-2.5/contrib/replxx/src/io.cxx:576:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static_cast<void>( read( _interrupt[0], &data, 1 ) == 1 ); data/rspamd-2.5/contrib/replxx/src/io.cxx:645:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write8( seq, strlen( seq ) ); data/rspamd-2.5/contrib/replxx/src/io.cxx:652:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write8( seq, strlen( seq ) ); data/rspamd-2.5/contrib/replxx/src/replxx.cxx:501:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nread = read(STDIN_FILENO, &c, 1); data/rspamd-2.5/contrib/replxx/src/replxx_impl.cxx:1780:16: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if ( std::equal( dp._searchText.begin(), dp._searchText.end(), activeHistoryLine.begin() + lineSearchPos ) ) { data/rspamd-2.5/contrib/snowball/compiler/driver.c:372:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (dot == NULL) ? strlen(leaf) : (size_t)(dot - leaf); data/rspamd-2.5/contrib/snowball/compiler/generator.c:302:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l = strlen(input); data/rspamd-2.5/contrib/snowball/compiler/generator.c:1441:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (g->options->runtime_path[strlen(g->options->runtime_path) - 1] != '/') data/rspamd-2.5/contrib/snowball/compiler/space.c:141:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int n = strlen(s); data/rspamd-2.5/contrib/snowball/compiler/tokeniser.c:32:22: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int ch = getc(input); data/rspamd-2.5/contrib/snowball/compiler/tokeniser.c:94:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l = strlen(s); data/rspamd-2.5/contrib/uthash/uthash.h:253:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HASH_FIND(hh,head,findstr,strlen(findstr),out) data/rspamd-2.5/contrib/uthash/uthash.h:255:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HASH_ADD(hh,head,strfield,strlen(add->strfield),add) data/rspamd-2.5/contrib/uthash/uthash.h:257:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HASH_REPLACE(hh,head,strfield,strlen(add->strfield),add,replaced) data/rspamd-2.5/contrib/zstd/fse_compress.c:629:9: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/rspamd-2.5/src/client/rspamc.c:522:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gsize clen = strlen (rspamc_commands[i].name); data/rspamd-2.5/src/client/rspamc.c:557:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!rspamd_parse_inet_address (&addr, ip, strlen (ip), data/rspamd-2.5/src/client/rspamc.c:1419:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (json_header), 60, NULL, nl_type); data/rspamd-2.5/src/client/rspamdclient.c:455:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). req->msg->url = rspamd_fstring_append (req->msg->url, command, strlen (command)); data/rspamd-2.5/src/controller.c:594:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (check) == password->len) { data/rspamd-2.5/src/controller.c:622:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (check) == password->len) { data/rspamd-2.5/src/controller.c:645:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (check) == password->len) { data/rspamd-2.5/src/controller.c:1425:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (syms[j]) == 0) { data/rspamd-2.5/src/controller.c:2886:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). reply = rspamd_fstring_new_init ("pong" CRLF, strlen ("pong" CRLF)); data/rspamd-2.5/src/controller.c:2937:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen ("Invalid method")); data/rspamd-2.5/src/fuzzy_storage.c:2045:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read (w->fd, &cmd, sizeof (cmd)); data/rspamd-2.5/src/hs_helper.c:135:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (ctx->hs_dir) + 1 + sizeof ("*.hs.new") + 2; data/rspamd-2.5/src/libcryptobox/catena/catena.c:372:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). __Hash1 (VERSION_ID, strlen ((char*) VERSION_ID), hv); data/rspamd-2.5/src/libcryptobox/keypair.c:336:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (b32); data/rspamd-2.5/src/libcryptobox/keypair.c:381:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (hex); data/rspamd-2.5/src/libmime/archives.c:1851:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str, strlen (str)) != -1) { data/rspamd-2.5/src/libmime/archives.c:1871:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fname && fname->len > strlen (str)) { data/rspamd-2.5/src/libmime/archives.c:1872:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = fname->begin + fname->len - strlen (str); data/rspamd-2.5/src/libmime/archives.c:1874:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (rspamd_lc_cmp (p, str, strlen (str)) == 0) { data/rspamd-2.5/src/libmime/images.c:665:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cid_len = strlen (cid); data/rspamd-2.5/src/libmime/images.c:686:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (html_cid) == cid_len && data/rspamd-2.5/src/libmime/lang_detection.c:501:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wlen = strlen (nw); data/rspamd-2.5/src/libmime/lang_detection.c:1565:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return rspamd_cryptobox_fast_hash (elt->name, strlen (elt->name), data/rspamd-2.5/src/libmime/message.c:978:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). srch.len = strlen (mb); data/rspamd-2.5/src/libmime/message.c:1016:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). part->cd = rspamd_content_disposition_parse (cdbuf, strlen (cdbuf), data/rspamd-2.5/src/libmime/message.c:1278:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (recv->real_ip), data/rspamd-2.5/src/libmime/message.c:1319:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (p); data/rspamd-2.5/src/libmime/message.c:1422:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). srch.len = strlen (mb); data/rspamd-2.5/src/libmime/mime_encoding.c:239:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = begin + strlen (begin) - 1; data/rspamd-2.5/src/libmime/mime_encoding.c:628:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). real_charset, strlen (real_charset), TRUE)) { data/rspamd-2.5/src/libmime/mime_encoding.c:635:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). charset->len = strlen (real_charset); data/rspamd-2.5/src/libmime/mime_expressions.c:826:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (mime_atom->d.re->extra.header) + 1); data/rspamd-2.5/src/libmime/mime_expressions.c:848:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (mime_atom->d.re->extra.selector) + 1); data/rspamd-2.5/src/libmime/mime_expressions.c:977:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (re->extra.header), data/rspamd-2.5/src/libmime/mime_expressions.c:985:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (re->extra.selector), data/rspamd-2.5/src/libmime/mime_expressions.c:1731:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return match_smtp_data (task, arg, str, strlen (str)); data/rspamd-2.5/src/libmime/mime_expressions.c:1777:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gsize plen = strlen (arg_pattern->data); data/rspamd-2.5/src/libmime/mime_expressions.c:2007:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). srch.len = strlen (arg_pattern->data); data/rspamd-2.5/src/libmime/mime_expressions.c:2061:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). srch.len = strlen (subtype->data); data/rspamd-2.5/src/libmime/mime_expressions.c:2130:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). srch.len = strlen (param_type->data); data/rspamd-2.5/src/libmime/mime_headers.c:47:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). h = rspamd_icase_hash (rh->name, strlen (rh->name), 0xdeadbabe); data/rspamd-2.5/src/libmime/mime_headers.c:56:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (rh->decoded), recv) != -1) { data/rspamd-2.5/src/libmime/mime_headers.c:64:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rh->decoded, strlen (rh->decoded), data/rspamd-2.5/src/libmime/mime_headers.c:70:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rh->decoded, strlen (rh->decoded), data/rspamd-2.5/src/libmime/mime_headers.c:76:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rh->decoded, strlen (rh->decoded), data/rspamd-2.5/src/libmime/mime_headers.c:82:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rh->decoded, strlen (rh->decoded), data/rspamd-2.5/src/libmime/mime_headers.c:90:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = p + strlen (p); data/rspamd-2.5/src/libmime/mime_headers.c:132:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (rh->decoded)); data/rspamd-2.5/src/libmime/mime_headers.c:391:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nh->value, strlen (tmp), &broken_utf); data/rspamd-2.5/src/libmime/mime_headers.c:402:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_mime_charset_utf_enforce (nh->decoded, strlen (nh->decoded)); data/rspamd-2.5/src/libmime/mime_headers.c:499:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_hash_update (&hs, nh->name, strlen (nh->name)); data/rspamd-2.5/src/libmime/mime_headers.c:886:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out = g_string_sized_new (strlen (fqdn) + 22); data/rspamd-2.5/src/libmime/mime_parser.c:493:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hlen = strlen (cur->decoded); data/rspamd-2.5/src/libmime/mime_parser.c:803:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ct = rspamd_content_type_parse (cur->decoded, strlen (cur->decoded), data/rspamd-2.5/src/libmime/mime_parser.c:1457:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ct = rspamd_content_type_parse (cur->decoded, strlen (cur->decoded), data/rspamd-2.5/src/libmime/scan_result.c:296:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_task_add_result_option (task, s, opt, strlen (opt)); data/rspamd-2.5/src/libmime/scan_result.c:463:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_task_add_result_option (task, s, opt, strlen (opt)); data/rspamd-2.5/src/libserver/cfg_rcl.c:1175:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (st->symbol),"spam", 4) != -1) { data/rspamd-2.5/src/libserver/cfg_rcl.c:1179:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (st->symbol),"ham", 3) != -1) { data/rspamd-2.5/src/libserver/cfg_rcl.c:1631:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HASH_ADD_KEYPTR (hh, *top, new->name, strlen (new->name), new); data/rspamd-2.5/src/libserver/cfg_rcl.c:1660:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HASH_ADD_KEYPTR (hh, *top, new_section->name, strlen (new_section->name), new_section); data/rspamd-2.5/src/libserver/cfg_rcl.c:1691:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HASH_ADD_KEYPTR (hh, section->default_parser, nhandler->key, strlen ( data/rspamd-2.5/src/libserver/cfg_rcl.c:3395:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (val), tmp_addr); data/rspamd-2.5/src/libserver/cfg_rcl.c:3422:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_fast_hash_update (&st, k->name, strlen (k->name)); data/rspamd-2.5/src/libserver/cfg_rcl.c:3789:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). MIN (sizeof (cfg->cfg_pool->tag.uid), strlen (cfg->checksum))); data/rspamd-2.5/src/libserver/cfg_utils.c:190:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). action->name, strlen (action->name), action); data/rspamd-2.5/src/libserver/cfg_utils.c:392:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (str); data/rspamd-2.5/src/libserver/cfg_utils.c:630:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = p + strlen (p); data/rspamd-2.5/src/libserver/cfg_utils.c:1374:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (st->symbol),"spam", 4) != -1) { data/rspamd-2.5/src/libserver/cfg_utils.c:1378:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (st->symbol),"ham", 3) != -1) { data/rspamd-2.5/src/libserver/cfg_utils.c:2156:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). act->name, strlen (act->name), act); data/rspamd-2.5/src/libserver/cfg_utils.c:2332:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). data, strlen (data), 0xdeadbabe); data/rspamd-2.5/src/libserver/cfg_utils.c:2519:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). id = rspamd_config_name_to_id (name, strlen (name)); data/rspamd-2.5/src/libserver/composites.c:254:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gsize mlen = strlen (cur_opt->data.match); data/rspamd-2.5/src/libserver/dkim.c:807:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = p + strlen (p); data/rspamd-2.5/src/libserver/dkim.c:1210:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). taglen = strlen (ctx->domain) + strlen (ctx->selector) + data/rspamd-2.5/src/libserver/dkim.c:1210:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). taglen = strlen (ctx->domain) + strlen (ctx->selector) + data/rspamd-2.5/src/libserver/dkim.c:1433:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = txt + strlen (txt); data/rspamd-2.5/src/libserver/dkim.c:2171:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). inlen = strlen (header) + strlen (header_name) + sizeof (":" CRLF); data/rspamd-2.5/src/libserver/dkim.c:2171:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). inlen = strlen (header) + strlen (header_name) + sizeof (":" CRLF); data/rspamd-2.5/src/libserver/dkim.c:2313:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (rh->decoded), rspamd_hash_seed ()); data/rspamd-2.5/src/libserver/dkim.c:2979:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (headers), TRUE, data/rspamd-2.5/src/libserver/dkim.c:3137:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cur_len = (strlen (dh->name) + 1) * (count + 1); data/rspamd-2.5/src/libserver/dkim.c:3156:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cur_len = (strlen (dh->name) + 1) * (hstat.s.count); data/rspamd-2.5/src/libserver/dns.c:149:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen (name); data/rspamd-2.5/src/libserver/dns.c:286:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). search.namelen = strlen (name); data/rspamd-2.5/src/libserver/dns.c:419:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!rspamd_parse_inet_address (&addr, name, strlen (name), data/rspamd-2.5/src/libserver/dns.c:683:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!rspamd_parse_inet_address (&addr, elts[0], strlen (elts[0]), data/rspamd-2.5/src/libserver/dns.c:692:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (*cur_name) == 0) { data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend_redis.c:273:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (backend->redis_object)); data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend_redis.c:277:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (backend->dbname)); data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend_redis.c:282:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (backend->password)); data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend_redis.c:486:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). init_len = strlen (session->backend->redis_object); data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend_redis.c:1032:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). klen = strlen (session->backend->redis_object) + data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend_redis.c:1059:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). klen = strlen (session->backend->redis_object) + data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend_redis.c:1154:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). klen = strlen (session->backend->redis_object) + data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend_redis.c:1199:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). klen = strlen (session->backend->redis_object) + data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend_redis.c:1235:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). klen = strlen (session->backend->redis_object) + data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend_redis.c:1278:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). klen = strlen (session->backend->redis_object) + data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend_redis.c:1303:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). klen = strlen (session->backend->redis_object) + data/rspamd-2.5/src/libserver/fuzzy_backend/fuzzy_backend_sqlite.c:453:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_hash_update (&st, path, strlen (path)); data/rspamd-2.5/src/libserver/html.c:249:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). keys[i].len = strlen (html_colornames[i].name); data/rspamd-2.5/src/libserver/html.c:397:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rep_len = strlen (kh_val (html_entity_by_name, k)); data/rspamd-2.5/src/libserver/html.c:452:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rep_len = strlen (kh_val (html_entity_by_number, k)); data/rspamd-2.5/src/libserver/html.c:656:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rc = rspamd_url_parse (text_url, url_str, strlen (url_str), pool, data/rspamd-2.5/src/libserver/html.c:1444:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dlen += strlen (prefix); data/rspamd-2.5/src/libserver/html.c:1458:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gsize plen = strlen (prefix); data/rspamd-2.5/src/libserver/html.c:2176:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (e); data/rspamd-2.5/src/libserver/http/http_connection.c:901:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read (fd, data, len); data/rspamd-2.5/src/libserver/http/http_connection.c:1809:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (http_method_str (msg->method)) + 1; data/rspamd-2.5/src/libserver/http/http_connection.c:2014:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). guint vlen = strlen (priv->ctx->config.user_agent); data/rspamd-2.5/src/libserver/http/http_connection.c:2186:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). meth_len = strlen (http_method_str (msg->method)) + 1; /* + space */ data/rspamd-2.5/src/libserver/http/http_context.c:138:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (http_parser_parse_url (name, strlen (name), 1, &u) == 0) { data/rspamd-2.5/src/libserver/http/http_context.c:244:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (ctx->config.user_agent && strlen (ctx->config.user_agent) == 0) { data/rspamd-2.5/src/libserver/http/http_context.c:255:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (ctx->config.server_hdr && strlen (ctx->config.server_hdr) == 0) { data/rspamd-2.5/src/libserver/http/http_context.c:373:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). h = rspamd_cryptobox_fast_hash (k->host, strlen (k->host), h); data/rspamd-2.5/src/libserver/http/http_message.c:62:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). urllen = strlen (url); data/rspamd-2.5/src/libserver/http/http_message.c:529:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nlen = strlen (name); data/rspamd-2.5/src/libserver/http/http_message.c:560:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_http_message_add_header_len (msg, name, value, strlen (value)); data/rspamd-2.5/src/libserver/http/http_message.c:576:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nlen = strlen (name); data/rspamd-2.5/src/libserver/http/http_message.c:606:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). guint slen = strlen (name); data/rspamd-2.5/src/libserver/http/http_message.c:634:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). guint slen = strlen (name); data/rspamd-2.5/src/libserver/http/http_message.c:665:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). guint slen = strlen (name); data/rspamd-2.5/src/libserver/http/http_router.c:88:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_http_message_set_body (msg, err->message, strlen (err->message)); data/rspamd-2.5/src/libserver/http/http_router.c:228:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (err->message)); data/rspamd-2.5/src/libserver/http/http_router.c:230:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). err_msg->status = rspamd_fstring_new_init (err->message, strlen (err->message)); data/rspamd-2.5/src/libserver/http/http_router.c:432:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). storage = rspamd_fstring_new_init (path, strlen (path)); data/rspamd-2.5/src/libserver/http/http_util.c:49:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = header + strlen (header); data/rspamd-2.5/src/libserver/logger/logger.c:680:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (message), data/rspamd-2.5/src/libserver/logger/logger_console.c:207:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iov[niov++].iov_len = strlen (timebuf); data/rspamd-2.5/src/libserver/logger/logger_console.c:230:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). guint slen = strlen (id); data/rspamd-2.5/src/libserver/logger/logger_file.c:528:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). guint slen = strlen (id); data/rspamd-2.5/src/libserver/maps/map.c:99:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cbd->data->path, strlen (cbd->data->path)); data/rspamd-2.5/src/libserver/maps/map.c:115:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (cbd->data->rest)); data/rspamd-2.5/src/libserver/maps/map.c:586:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((r = read (fd, pos, avail)) > 0) { data/rspamd-2.5/src/libserver/maps/map.c:793:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). map->read_callback (data->filename, strlen (data->filename), data/rspamd-2.5/src/libserver/maps/map.c:1327:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_hash (digest, bk->uri, strlen (bk->uri), NULL, 0); data/rspamd-2.5/src/libserver/maps/map.c:1356:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_hash (digest, bk->uri, strlen (bk->uri), NULL, 0); data/rspamd-2.5/src/libserver/maps/map.c:1439:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_hash (digest, bk->uri, strlen (bk->uri), NULL, 0); data/rspamd-2.5/src/libserver/maps/map.c:1513:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_hash (digest, bk->uri, strlen (bk->uri), NULL, 0); data/rspamd-2.5/src/libserver/maps/map.c:1532:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (fd, &header, sizeof (header)) != sizeof (header)) { data/rspamd-2.5/src/libserver/maps/map.c:1555:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (fd, RSPAMD_FSTRING_DATA (etag), header.etag_len) != header.etag_len) { data/rspamd-2.5/src/libserver/maps/map.c:1691:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (data->host), RSPAMD_INET_ADDRESS_PARSE_DEFAULT)) { data/rspamd-2.5/src/libserver/maps/map.c:2234:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = pos + strlen (pos); data/rspamd-2.5/src/libserver/maps/map.c:2454:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = map_line + strlen (map_line); data/rspamd-2.5/src/libserver/maps/map.c:2488:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (http_parser_parse_url (bk->uri, strlen (bk->uri), FALSE, data/rspamd-2.5/src/libserver/maps/map.c:2525:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tok.len = strlen (tok.begin); data/rspamd-2.5/src/libserver/maps/map.c:2555:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bk->uri, strlen (bk->uri), 0xdeadbabe); data/rspamd-2.5/src/libserver/maps/map.c:2581:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_hash_update (&st, bk->uri, strlen (bk->uri)); data/rspamd-2.5/src/libserver/maps/map_helpers.c:457:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vlen = strlen (value); data/rspamd-2.5/src/libserver/maps/map_helpers.c:473:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_fast_hash_update (&r->hst, nk, strlen (nk)); data/rspamd-2.5/src/libserver/maps/map_helpers.c:486:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vlen = strlen (value); data/rspamd-2.5/src/libserver/maps/map_helpers.c:502:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_fast_hash_update (&r->hst, nk, strlen (nk)); data/rspamd-2.5/src/libserver/maps/map_helpers.c:516:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vlen = strlen (value); data/rspamd-2.5/src/libserver/maps/map_helpers.c:538:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_fast_hash_update (&ht->hst, nk, strlen (nk)); data/rspamd-2.5/src/libserver/maps/map_helpers.c:560:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). escaped = rspamd_str_regexp_escape (key, strlen (key), &escaped_len, data/rspamd-2.5/src/libserver/maps/map_helpers.c:579:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vlen = strlen (value); data/rspamd-2.5/src/libserver/maps/map_helpers.c:594:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_fast_hash_update (&re_map->hst, nk, strlen (nk)); data/rspamd-2.5/src/libserver/maps/map_helpers.c:971:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). escaped = rspamd_str_regexp_escape (pat, strlen (pat), NULL, data/rspamd-2.5/src/libserver/maps/map_helpers.c:976:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). escaped = rspamd_str_regexp_escape (pat, strlen (pat), NULL, data/rspamd-2.5/src/libserver/milter.c:949:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read (priv->fd, priv->parser.buf->str + priv->parser.buf->len, data/rspamd-2.5/src/libserver/milter.c:1199:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (reason); data/rspamd-2.5/src/libserver/milter.c:1392:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (found->len == strlen (milter_ctx->client_ca_name) && data/rspamd-2.5/src/libserver/milter.c:1970:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (milter_ctx->reject_message)); data/rspamd-2.5/src/libserver/monitored.c:558:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_hash_update (&st, m->url, strlen (m->url)); data/rspamd-2.5/src/libserver/monitored.c:559:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_hash_update (&st, loc, strlen (loc)); data/rspamd-2.5/src/libserver/protocol.c:954:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (task->user); data/rspamd-2.5/src/libserver/protocol.c:1057:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (s); data/rspamd-2.5/src/libserver/protocol.c:1060:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). subj_buf = g_string_sized_new (strlen (c) + slen); data/rspamd-2.5/src/libserver/protocol.c:2042:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (task->err->message)); data/rspamd-2.5/src/libserver/re_cache.c:1007:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenvec[i] = strlen (cur->value); data/rspamd-2.5/src/libserver/re_cache.c:1022:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenvec[i] = strlen (in); data/rspamd-2.5/src/libserver/re_cache.c:1272:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenvec[0] = strlen (rh->decoded); data/rspamd-2.5/src/libserver/re_cache.c:1477:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). typelen = strlen (type_data); data/rspamd-2.5/src/libserver/re_cache.c:1611:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str, strlen (str), 0xdeadbabe); data/rspamd-2.5/src/libserver/re_cache.c:1678:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). escaped = rspamd_str_regexp_escape (pat, strlen (pat), &esc_len,esc_flags); data/rspamd-2.5/src/libserver/re_cache.c:1833:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). g_assert (read (fd, &n, sizeof (n)) == sizeof (n)); data/rspamd-2.5/src/libserver/re_cache.c:2196:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (path); data/rspamd-2.5/src/libserver/re_cache.c:2226:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((r = read (fd, magicbuf, sizeof (magicbuf))) != sizeof (magicbuf)) { data/rspamd-2.5/src/libserver/re_cache.c:2258:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((r = read (fd, &test_plt, sizeof (test_plt))) != sizeof (test_plt)) { data/rspamd-2.5/src/libserver/redis_pool.c:92:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_fast_hash_update (&st, db, strlen (db)); data/rspamd-2.5/src/libserver/redis_pool.c:95:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_fast_hash_update (&st, password, strlen (password)); data/rspamd-2.5/src/libserver/redis_pool.c:98:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_fast_hash_update (&st, ip, strlen (ip)); data/rspamd-2.5/src/libserver/roll_history.c:220:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (fd, magic, sizeof (magic)) == -1) { data/rspamd-2.5/src/libserver/rspamd_control.c:784:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (void)read (fd, &rep, sizeof (rep)); data/rspamd-2.5/src/libserver/rspamd_control.c:796:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (void) read (fd, &rep, sizeof (rep)); data/rspamd-2.5/src/libserver/rspamd_symcache.c:1176:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cache->cksum = t1ha (name, strlen (name), data/rspamd-2.5/src/libserver/spf.c:651:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dend = dstart + strlen (dstart) - 1; data/rspamd-2.5/src/libserver/spf.c:653:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nend = nstart + strlen (nstart) - 1; data/rspamd-2.5/src/libserver/spf.c:1394:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (semicolon); data/rspamd-2.5/src/libserver/spf.c:1461:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (semicolon); data/rspamd-2.5/src/libserver/spf.c:1818:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen (rec->sender); data/rspamd-2.5/src/libserver/spf.c:1826:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen (rec->local_part); data/rspamd-2.5/src/libserver/spf.c:1834:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen (rec->sender_domain); data/rspamd-2.5/src/libserver/spf.c:1842:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen (resolved->cur_domain); data/rspamd-2.5/src/libserver/spf.c:1853:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen (task->helo); data/rspamd-2.5/src/libserver/spf.c:1967:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). macro_len = strlen (rec->sender); data/rspamd-2.5/src/libserver/spf.c:1977:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). macro_len = strlen (rec->local_part); data/rspamd-2.5/src/libserver/spf.c:1987:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). macro_len = strlen (rec->sender_domain); data/rspamd-2.5/src/libserver/spf.c:1997:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). macro_len = strlen (resolved->cur_domain); data/rspamd-2.5/src/libserver/spf.c:2024:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). macro_len = strlen (tmp + 1); data/rspamd-2.5/src/libserver/spf.c:2028:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). macro_len = strlen (task->helo); data/rspamd-2.5/src/libserver/spf.c:2293:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (begin); data/rspamd-2.5/src/libserver/ssl_util.c:165:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (domain == NULL || strlen (domain) == 1) { data/rspamd-2.5/src/libserver/ssl_util.c:230:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (len < 0 || len != (gint)strlen (data)) { data/rspamd-2.5/src/libserver/ssl_util.c:306:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (common_name_len != (gint)strlen (common_name)) { data/rspamd-2.5/src/libserver/task.c:356:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flen = strlen (filepath); data/rspamd-2.5/src/libserver/task.c:454:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flen = strlen (filepath); data/rspamd-2.5/src/libserver/task.c:913:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (task->deliver_to)); data/rspamd-2.5/src/libserver/task.c:1098:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). res.len = strlen (res.begin); data/rspamd-2.5/src/libserver/task.c:1390:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). var.len = strlen (var.begin); data/rspamd-2.5/src/libserver/task.c:1400:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). var.len = strlen (var.begin); data/rspamd-2.5/src/libserver/task.c:1410:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). var.len = strlen (var.begin); data/rspamd-2.5/src/libserver/task.c:1420:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). var.len = strlen (var.begin); data/rspamd-2.5/src/libserver/task.c:1442:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). var.len = strlen (var.begin); data/rspamd-2.5/src/libserver/task.c:1448:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). var.len = strlen (var.begin); data/rspamd-2.5/src/libserver/task.c:1510:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). var.len = strlen (task->msg.fpath); data/rspamd-2.5/src/libserver/task.c:1547:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). var.len = strlen (task->settings_elt->name); data/rspamd-2.5/src/libserver/task.c:1692:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). srch.len = strlen (name); data/rspamd-2.5/src/libserver/task.c:1937:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read (w->fd, fake_buf, sizeof (fake_buf)); data/rspamd-2.5/src/libserver/url.c:1676:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uri->hostlen = strlen (start_offset); data/rspamd-2.5/src/libserver/url.c:2475:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = pos + strlen (match->pattern); data/rspamd-2.5/src/libserver/url.c:2968:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cb->len = m.m_len + strlen (matcher->prefix); data/rspamd-2.5/src/libserver/url.c:3127:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cb->len = m.m_len + strlen (matcher->prefix); data/rspamd-2.5/src/libserver/url.c:3151:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (cb->url_str), pool, data/rspamd-2.5/src/libserver/url.c:3347:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). inlen = strlen (in); data/rspamd-2.5/src/libserver/url.c:3395:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). inlen = strlen (in); data/rspamd-2.5/src/libserver/url.c:3460:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (url_str), data/rspamd-2.5/src/libserver/worker_util.c:615:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). reply = rspamd_fstring_new_init (str, strlen (str)); data/rspamd-2.5/src/libstat/backends/redis_backend.c:213:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen += strlen (elt); data/rspamd-2.5/src/libstat/backends/redis_backend.c:226:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen += strlen (elt); data/rspamd-2.5/src/libstat/backends/redis_backend.c:231:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen += strlen (stcf->label); data/rspamd-2.5/src/libstat/backends/redis_backend.c:241:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen += strlen (stcf->symbol); data/rspamd-2.5/src/libstat/backends/redis_backend.c:393:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd_len = strlen (command); data/rspamd-2.5/src/libstat/backends/redis_backend.c:394:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prefix_len = strlen (prefix); data/rspamd-2.5/src/libstat/backends/redis_backend.c:1845:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (gint)strlen (rt->redis_object_expanded), data/rspamd-2.5/src/libstat/backends/redis_backend.c:1847:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (gint)strlen (learned_key), data/rspamd-2.5/src/libstat/backends/redis_backend.c:1861:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (gint)strlen (rt->redis_object_expanded), data/rspamd-2.5/src/libstat/backends/redis_backend.c:1863:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (gint)strlen (learned_key), data/rspamd-2.5/src/libstat/backends/sqlite3_backend.c:509:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (gint64)strlen (tok_conf_encoded), data/rspamd-2.5/src/libstat/learn_cache/redis_cache.c:214:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_hash_update (&st, user, strlen (user)); data/rspamd-2.5/src/libstat/learn_cache/sqlite3_cache.c:198:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_hash_update (&st, user, strlen (user)); data/rspamd-2.5/src/libstat/tokenizers/osb.c:288:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prefix, strlen (prefix), osb_cf->seed); data/rspamd-2.5/src/libstat/tokenizers/tokenizers.c:655:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (MESSAGE_FIELD (task, subject)), task); data/rspamd-2.5/src/libstat/tokenizers/tokenizers.c:664:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_add_metawords_from_str (addr->name, strlen (addr->name), task); data/rspamd-2.5/src/libstat/tokenizers/tokenizers.c:923:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dlen = stemmed ? strlen (stemmed) : 0; data/rspamd-2.5/src/libutil/addr.c:454:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (text); data/rspamd-2.5/src/libutil/addr.c:503:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (text); data/rspamd-2.5/src/libutil/addr.c:1421:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen (name); data/rspamd-2.5/src/libutil/addr.c:1459:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str, strlen (str), RSPAMD_INET_ADDRESS_PARSE_DEFAULT)) { data/rspamd-2.5/src/libutil/addr.c:1469:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen (str); data/rspamd-2.5/src/libutil/addr.c:1478:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen (str); data/rspamd-2.5/src/libutil/addr.c:1496:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen (str); data/rspamd-2.5/src/libutil/expression.c:598:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (line); data/rspamd-2.5/src/libutil/fstring.c:459:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (pat); data/rspamd-2.5/src/libutil/fstring.h:215:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (t)->len = strlen (str); \ data/rspamd-2.5/src/libutil/mem_pool.c:64:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (guint)rspamd_cryptobox_fast_hash (str, strlen (str), rspamd_hash_seed ()); data/rspamd-2.5/src/libutil/mem_pool.c:584:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (src); data/rspamd-2.5/src/libutil/mem_pool.c:1176:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gint hv = rspamd_cryptobox_fast_hash (name, strlen (name), data/rspamd-2.5/src/libutil/mem_pool.c:1212:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gint hv = rspamd_cryptobox_fast_hash (name, strlen (name), data/rspamd-2.5/src/libutil/mem_pool.c:1232:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gint hv = rspamd_cryptobox_fast_hash (name, strlen (name), data/rspamd-2.5/src/libutil/multipattern.c:122:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = slen + strlen (prefix); data/rspamd-2.5/src/libutil/multipattern.c:127:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = slen + strlen (prefix); data/rspamd-2.5/src/libutil/multipattern.c:131:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen (suffix); data/rspamd-2.5/src/libutil/multipattern.c:183:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (prefix); data/rspamd-2.5/src/libutil/multipattern.c:315:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_multipattern_add_pattern_len (mp, pattern, strlen (pattern), flags); data/rspamd-2.5/src/libutil/printf.c:793:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (p); data/rspamd-2.5/src/libutil/printf.c:814:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (p); data/rspamd-2.5/src/libutil/printf.c:821:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). RSPAMD_PRINTF_APPEND (b32buf, strlen (b32buf)); data/rspamd-2.5/src/libutil/printf.c:837:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (p); data/rspamd-2.5/src/libutil/printf.c:864:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (p); data/rspamd-2.5/src/libutil/printf.c:881:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (p); data/rspamd-2.5/src/libutil/regexp.c:106:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_hash_update (&st, flags, strlen (flags)); data/rspamd-2.5/src/libutil/regexp.c:109:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_hash_update (&st, pattern, strlen (pattern)); data/rspamd-2.5/src/libutil/regexp.c:347:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = start + strlen (pattern); data/rspamd-2.5/src/libutil/regexp.c:367:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = pattern + strlen (pattern); data/rspamd-2.5/src/libutil/regexp.c:547:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (text); data/rspamd-2.5/src/libutil/regexp.c:681:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (text); data/rspamd-2.5/src/libutil/regexp.c:882:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (text); data/rspamd-2.5/src/libutil/regexp.c:1202:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sz = strlen (gl); data/rspamd-2.5/src/libutil/rrd.c:218:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (fd, &head, sizeof (head)) != sizeof (head)) { data/rspamd-2.5/src/libutil/rrd.c:274:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (fd, &rra, sizeof (rra)) != sizeof (rra)) { data/rspamd-2.5/src/libutil/rrd.c:340:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_hash_update (&st, file->filename, strlen (file->filename)); data/rspamd-2.5/src/libutil/sqlite_utils.c:234:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read (fd, &pid, sizeof (pid)); data/rspamd-2.5/src/libutil/str_util.c:250:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (p); data/rspamd-2.5/src/libutil/str_util.c:260:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen ((const gchar *)key); data/rspamd-2.5/src/libutil/str_util.c:1162:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s1len = strlen (s1); data/rspamd-2.5/src/libutil/str_util.c:1165:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s2len = strlen (s2); data/rspamd-2.5/src/libutil/str_util.c:1280:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). res = g_string_sized_new (strlen (value)); data/rspamd-2.5/src/libutil/str_util.c:1285:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cur_len = strlen (name) + 2; data/rspamd-2.5/src/libutil/upstream.c:1004:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (str); data/rspamd-2.5/src/libutil/upstream.c:1023:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). semicolon_pos = plus_pos + strlen (plus_pos); data/rspamd-2.5/src/libutil/upstream.c:1058:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (rspamd_parse_inet_address (&addr, str, strlen (str), data/rspamd-2.5/src/libutil/upstream.c:1131:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (upstream->name), 0); data/rspamd-2.5/src/libutil/upstream.c:1244:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return rspamd_upstreams_parse_line_len (ups, str, strlen (str), data/rspamd-2.5/src/libutil/util.c:582:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end_of_buffer = argv[i] + strlen (argv[i]); data/rspamd-2.5/src/libutil/util.c:591:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end_of_buffer = envp[i] + strlen (envp[i]); data/rspamd-2.5/src/libutil/util.c:673:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). written = strlen (title_buffer); data/rspamd-2.5/src/libutil/util.c:726:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). i = read (fd, buf, sizeof (buf) - 1); data/rspamd-2.5/src/libutil/util.c:844:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pwrite (fd, pidstr, strlen (pidstr), 0) != (ssize_t) strlen (pidstr)) { data/rspamd-2.5/src/libutil/util.c:844:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pwrite (fd, pidstr, strlen (pidstr), 0) != (ssize_t) strlen (pidstr)) { data/rspamd-2.5/src/libutil/util.c:927:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rcptlen = strlen (rcpt); data/rspamd-2.5/src/libutil/util.c:934:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fromlen = strlen (from); data/rspamd-2.5/src/libutil/util.c:1194:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (variable); data/rspamd-2.5/src/libutil/util.c:1377:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen (buf); data/rspamd-2.5/src/libutil/util.c:1432:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read (input, &ch, 1) == 1 && ch != '\n' && ch != '\r') { data/rspamd-2.5/src/libutil/util.c:1645:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). blen = strlen (pattern); data/rspamd-2.5/src/libutil/util.c:1854:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lena = strlen ((const char*)a); data/rspamd-2.5/src/libutil/util.c:1855:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenb = strlen ((const char*)b); data/rspamd-2.5/src/lua/lua_cdb.c:113:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (cdb_find (cdb, what, strlen (what)) > 0) { data/rspamd-2.5/src/lua/lua_cfg_file.c:133:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (name), data/rspamd-2.5/src/lua/lua_common.c:764:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (RSPAMD_LEN_CHECK_STARTS_WITH(env[i], strlen (env[i]), "RSPAMD_")) { data/rspamd-2.5/src/lua/lua_common.c:1154:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lua_fname = g_malloc (strlen (module->path) + 2); data/rspamd-2.5/src/lua/lua_common.c:1155:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_snprintf (lua_fname, strlen (module->path) + 2, "@%s", data/rspamd-2.5/src/lua/lua_common.c:1349:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = p + strlen (extraction_pattern); data/rspamd-2.5/src/lua/lua_common.c:2397:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (p) > 20) { data/rspamd-2.5/src/lua/lua_config.c:1490:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ids[i] = rspamd_config_name_to_id (sym_elts[i], strlen (sym_elts[i])); data/rspamd-2.5/src/lua/lua_config.c:3022:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). header_len = strlen (header_str) + 1; data/rspamd-2.5/src/lua/lua_config.c:3319:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (p) > 20) { data/rspamd-2.5/src/lua/lua_html.c:284:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t->len = strlen (img->src); data/rspamd-2.5/src/lua/lua_http.c:933:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = strlen (user) + strlen (password) + 1; data/rspamd-2.5/src/lua/lua_http.c:933:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = strlen (user) + strlen (password) + 1; data/rspamd-2.5/src/lua/lua_ip.c:147:23: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. LUA_FUNCTION_DEF (ip, equal); data/rspamd-2.5/src/lua/lua_ip.c:584:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ip_str, strlen (ip_str), RSPAMD_INET_ADDRESS_PARSE_DEFAULT)) { data/rspamd-2.5/src/lua/lua_logger.c:193:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (p) > 30) { data/rspamd-2.5/src/lua/lua_mempool.c:463:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen ((const gchar *)pv); data/rspamd-2.5/src/lua/lua_mimepart.c:1228:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_hash (key, "rspamd", strlen ("rspamd"), NULL, 0); data/rspamd-2.5/src/lua/lua_mimepart.c:2017:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (cur->name),FALSE)) { data/rspamd-2.5/src/lua/lua_redis.c:757:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). arglens[0] = strlen (cmd); data/rspamd-2.5/src/lua/lua_redis.c:816:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). arglens[0] = strlen (cmd); data/rspamd-2.5/src/lua/lua_redis.c:921:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). host, strlen (host), RSPAMD_INET_ADDRESS_PARSE_DEFAULT)) { data/rspamd-2.5/src/lua/lua_redis.c:1205:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). host, strlen (host), RSPAMD_INET_ADDRESS_PARSE_DEFAULT)) { data/rspamd-2.5/src/lua/lua_task.c:1607:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read (fd, buf, sizeof (buf)); data/rspamd-2.5/src/lua/lua_task.c:3428:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen (addr->name) + 1; data/rspamd-2.5/src/lua/lua_task.c:4925:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tt = rspamd_parse_smtp_date (h->decoded, strlen (h->decoded)); data/rspamd-2.5/src/lua/lua_task.c:6312:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (cur->name), FALSE)) { data/rspamd-2.5/src/lua/lua_tcp.c:1074:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read (cbd->fd, inbuf, sizeof (inbuf)); data/rspamd-2.5/src/lua/lua_tcp.c:1790:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). host, strlen (host), RSPAMD_INET_ADDRESS_PARSE_DEFAULT)) { data/rspamd-2.5/src/lua/lua_tcp.c:1975:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). host, strlen (host), RSPAMD_INET_ADDRESS_PARSE_DEFAULT)) { data/rspamd-2.5/src/lua/lua_udp.c:374:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). host, strlen (host), RSPAMD_INET_ADDRESS_PARSE_DEFAULT)) { data/rspamd-2.5/src/lua/lua_util.c:503:25: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). LUA_FUNCTION_DEF (util, umask); data/rspamd-2.5/src/lua/lua_util.c:690:27: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). LUA_INTERFACE_DEF (util, umask), data/rspamd-2.5/src/lua/lua_util.c:1182:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outlen = strlen (out); data/rspamd-2.5/src/lua/lua_util.c:3159:8: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old = umask (mask); data/rspamd-2.5/src/lua/lua_util.c:3348:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). luaL_addlstring(B, s, strlen(s)) data/rspamd-2.5/src/lua/lua_util.c:3728:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). luaL_argcheck(L, strlen (s) == len, arg, "string contains zeros"); data/rspamd-2.5/src/lua/lua_util.c:3901:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = (int) strlen (data + pos); data/rspamd-2.5/src/lua/lua_worker.c:512:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gsize slen = strlen (s); data/rspamd-2.5/src/lua/lua_worker.c:655:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read (cbdata->sp[0], cbdata->io_buf->str + cbdata->io_buf->len, data/rspamd-2.5/src/lua/lua_worker.c:700:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read (cbdata->sp[0], cbdata->io_buf->str + cbdata->io_buf->len, data/rspamd-2.5/src/lua/lua_worker.c:851:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read (cbdata->sp[1], inbuf, sizeof (inbuf)); data/rspamd-2.5/src/plugins/dkim_check.c:801:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). keylen = strlen (pubkey); data/rspamd-2.5/src/plugins/dkim_check.c:958:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (domain))) != NULL) { data/rspamd-2.5/src/plugins/dkim_check.c:1030:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tracelen = strlen (domain) + strlen (selector) + 4; data/rspamd-2.5/src/plugins/dkim_check.c:1030:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tracelen = strlen (domain) + strlen (selector) + 4; data/rspamd-2.5/src/plugins/dkim_check.c:1223:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). domain, strlen (domain)) == NULL)) { data/rspamd-2.5/src/plugins/fuzzy_check.c:545:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_hash (rule->hash_key->str, key_str, strlen (key_str), NULL, 0); data/rspamd-2.5/src/plugins/fuzzy_check.c:558:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (shingles_key_str), NULL, 0); data/rspamd-2.5/src/plugins/fuzzy_check.c:1512:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (MESSAGE_FIELD (task, subject))); data/rspamd-2.5/src/plugins/fuzzy_check.c:2107:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((r = read (session->fd, buf, sizeof (buf) - 1)) == -1) { data/rspamd-2.5/src/plugins/fuzzy_check.c:2498:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((r = read (fd, buf, sizeof (buf) - 1)) == -1) { data/rspamd-2.5/src/plugins/fuzzy_check.c:3346:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (map->symbol) == arg->len && data/rspamd-2.5/src/rspamadm/commands.c:237:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ext_pos = rspamd_substring_search (path, strlen (path), ".lua", 4); data/rspamd-2.5/src/rspamadm/configdump.c:325:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "public", strlen ("public"), false); data/rspamd-2.5/src/rspamadm/configdump.c:328:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "disabled", strlen ("disabled"), false); data/rspamd-2.5/src/rspamadm/configdump.c:331:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "one_shot", strlen ("one_shot"), false); data/rspamd-2.5/src/rspamadm/configdump.c:334:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "max_score", strlen ("max_score"), false); data/rspamd-2.5/src/rspamadm/configdump.c:337:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "description", strlen ("description"), false); data/rspamd-2.5/src/rspamadm/configdump.c:353:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "score", strlen ("score"), data/rspamd-2.5/src/rspamadm/configdump.c:357:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "description", strlen ("description"), false); data/rspamd-2.5/src/rspamadm/configdump.c:360:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "disabled", strlen ("disabled"), data/rspamd-2.5/src/rspamadm/configdump.c:366:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "one_shot", strlen ("one_shot"), data/rspamd-2.5/src/rspamadm/configdump.c:372:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "one_shot", strlen ("one_shot"), data/rspamd-2.5/src/rspamadm/configdump.c:389:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "extra_groups", strlen ("extra_groups"), data/rspamd-2.5/src/rspamadm/configdump.c:393:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (sym_name), true); data/rspamd-2.5/src/rspamadm/configdump.c:397:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen ("symbols"), false); data/rspamd-2.5/src/rspamadm/configdump.c:400:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ucl_object_insert_key (out, gr_ucl, gr_name, strlen (gr_name), data/rspamd-2.5/src/rspamadm/confighelp.c:181:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gsize len = strlen (str); data/rspamd-2.5/src/rspamadm/control.c:227:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). control_path, strlen (control_path), RSPAMD_INET_ADDRESS_PARSE_DEFAULT)) { data/rspamd-2.5/src/rspamadm/control.c:248:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg->url = rspamd_fstring_new_init (path, strlen (path)); data/rspamd-2.5/src/rspamadm/dkim_keygen.c:222:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_explicit_memzero (base64_sk, strlen (base64_sk)); data/rspamd-2.5/src/rspamadm/dkim_keygen.c:235:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_explicit_memzero (base64_sk, strlen (base64_sk)); data/rspamd-2.5/src/rspamadm/dkim_keygen.c:256:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_explicit_memzero (base64_sk, strlen (base64_sk)); data/rspamd-2.5/src/rspamadm/dkim_keygen.c:275:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_explicit_memzero (base64_sk, strlen (base64_sk)); data/rspamd-2.5/src/rspamadm/lua_repl.c:169:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_path = g_string_sized_new (len + strlen (path) + sizeof("/?.lua")); data/rspamd-2.5/src/rspamadm/lua_repl.c:250:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tb = g_string_sized_new (strlen (input) + sizeof ("return ")); data/rspamd-2.5/src/rspamadm/lua_repl.c:412:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (rspamd_strtoul (argv[1], strlen (argv[1]), &cbref)) { data/rspamd-2.5/src/rspamadm/lua_repl.c:973:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hist_path = g_string_sized_new (strlen (homedir) + data/rspamd-2.5/src/rspamadm/lua_repl.c:974:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (default_history_file) + 1); data/rspamd-2.5/src/rspamadm/lua_repl.c:979:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hist_path = g_string_sized_new (strlen (default_history_file) + 2); data/rspamd-2.5/src/rspamadm/pw.c:121:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen (password); data/rspamd-2.5/src/rspamadm/pw.c:133:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_pbkdf (password, strlen (password), data/rspamd-2.5/src/rspamadm/rspamadm.c:310:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). clen = strlen (cmd); data/rspamd-2.5/src/rspamadm/rspamadm.c:311:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). inplen = strlen (input); data/rspamd-2.5/src/rspamadm/rspamadm.c:535:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gsize cmdlen = strlen (cmd_name); data/rspamd-2.5/src/rspamadm/rspamadm.c:589:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gsize arglen = strlen (argv[i + nargc - 1]); data/rspamd-2.5/src/rspamadm/signtool.c:163:21: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). mode_t cur_umask = umask (S_IRWXO|S_IRWXG); data/rspamd-2.5/src/rspamadm/signtool.c:165:8: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). (void)umask (cur_umask); data/rspamd-2.5/src/rspamadm/signtool.c:558:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pk = rspamd_pubkey_from_base32 (pubkey, strlen (pubkey), data/rspamd-2.5/src/rspamadm/signtool.c:564:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (guint)strlen (pubkey), data/rspamd-2.5/src/rspamd.c:580:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_fast_hash_update (&st, cf->name, strlen (cf->name)); data/rspamd-2.5/src/rspamd.c:583:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_cryptobox_fast_hash_update (&st, cf->name, strlen (cf->name)); data/rspamd-2.5/src/rspamd.c:1431:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (rspamd_main->cfg->control_socket_path), data/rspamd-2.5/src/rspamd_proxy.c:1235:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). srch.len = strlen ("File"); data/rspamd-2.5/src/rspamd_proxy.c:1397:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg->url = rspamd_fstring_append (msg->url, "/check", strlen ("/check")); data/rspamd-2.5/src/rspamd_proxy.c:1495:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). reply->status = rspamd_fstring_new_init (status, strlen (status)); data/rspamd-2.5/src/rspamd_proxy.c:1501:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status, strlen (status)); data/rspamd-2.5/src/rspamd_proxy.c:2053:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "/" MSG_CMD_CHECK_V2, strlen ("/" MSG_CMD_CHECK_V2)); data/rspamd-2.5/src/worker.c:259:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (err->message)); data/rspamd-2.5/src/worker.c:264:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen ("Internal error")); data/rspamd-2.5/test/rspamd_http_test.c:312:2: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep (100000); data/rspamd-2.5/test/rspamd_http_test.c:342:2: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep (100000); data/rspamd-2.5/test/rspamd_http_test.c:378:2: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep (100000); data/rspamd-2.5/test/rspamd_http_test.c:416:2: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep (100000); data/rspamd-2.5/test/rspamd_http_test.c:460:2: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep (100000); data/rspamd-2.5/test/rspamd_lua_test.c:104:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (dir) + sizeof ("/unit/") + sizeof ("*.lua"); data/rspamd-2.5/test/rspamd_lua_test.c:112:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lua_test_len = strlen (lua_test); data/rspamd-2.5/test/rspamd_lua_test.c:117:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path_start = strlen (globbuf.gl_pathv[i]) - lua_test_len; data/rspamd-2.5/test/rspamd_statfile_test.c:23:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask (S_IWGRP | S_IWOTH); data/rspamd-2.5/test/rspamd_upstream_test.c:86:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_parse_inet_address (&paddr, "127.0.0.2", strlen ("127.0.0.2"), data/rspamd-2.5/test/rspamd_upstream_test.c:89:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rspamd_parse_inet_address (&paddr, "::1", strlen ("::1"), ANALYSIS SUMMARY: Hits = 1432 Lines analyzed = 299153 in approximately 6.60 seconds (45338 lines/second) Physical Source Lines of Code (SLOC) = 221178 Hits@level = [0] 298 [1] 530 [2] 812 [3] 32 [4] 54 [5] 4 Hits@level+ = [0+] 1730 [1+] 1432 [2+] 902 [3+] 90 [4+] 58 [5+] 4 Hits/KSLOC@level+ = [0+] 7.82175 [1+] 6.47442 [2+] 4.07816 [3+] 0.406912 [4+] 0.262232 [5+] 0.018085 Dot directories skipped = 3 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.